
Re: basic security of linux

On Friday 2009 January 16 15:06:33 Vincent Zweije wrote:
>On Fri, Jan 16, 2009 at 01:45:44PM -0700, Michael Loftis wrote:
>||  --On January 16, 2009 7:29:13 PM +0100 Johannes Wiedersich
>||  <johannes@physik.blm.tu-muenchen.de> wrote:
>||  > IIRC, a hard link is the same file called two different names. If
>||  > dpkg/apt change the file in one location (security update), the other
>||  > one will be changed as well [1]...
>Hm! If it's not already that way, it might be a nice idea for a package
>manager to reset setuid bits before removing a setuid executable.

Removing the suid bits would be sufficient.  As dpkg is already running as 
root, this could normally be done just before the normal 
remove/upgrade/install process.

>||  Something that most packaging
>||  systems do not do, the reason being that with the way modern
>||  systems/kernels execute code, this would modify running code (They
>||  generally mmap the code, readonly, into the process's address space).
>I expect the mmapped executable to be private and copy on write, so you
>can write all you want but you can't modify the map that's already in
>use by the process. You'll only manage breaking the sharing.
>||  FreeBSD at least IIRC prevents this, Text File Busy/Text File In Use
>||  error.

As does Linux (openSUSE):
$ sudo /bin/sh -c '> /opt/kde3/bin/kget'
/bin/sh: /opt/kde3/bin/kget: Text file busy
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss@iguanasuicide.net                     ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.net/                      \_/     
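
The hard-link case discussed in this thread, as an added example that is not part of the original message: it assumes the upgrade replaces the file by renaming a new copy over the old name (the `.dpkg-new` suffix, the function names and the scratch paths are illustrative), and shows that a second link keeps the old setuid inode unless the bits are cleared first. It runs in a temporary directory and needs no root.

```shell
#!/bin/sh
# Added example: stale hard links to a replaced setuid file.

# List setuid regular files under $1 that have more than one name.
audit_suid_hardlinks() {
    find "$1" -xdev -type f -perm -4000 -links +1 2>/dev/null
}

# Succeed if file $1 still carries the setuid bit.
has_suid() {
    [ -n "$(find "$1" -prune -perm -4000)" ]
}

# Simulated upgrade of $1: write the new version beside it, then rename it
# over the old name. With $2 = "clear", strip setuid/setgid from the old
# inode first, which is the change suggested in the thread.
upgrade() {
    if [ "$2" = clear ]; then
        chmod ug-s "$1"
    fi
    printf 'new version\n' > "$1.dpkg-new"
    chmod 4755 "$1.dpkg-new"
    mv -f "$1.dpkg-new" "$1"
}

# Build the scenario (constructed files), upgrade, and report the state of
# the second link afterwards: prints "suid" or "clean".
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/bin" "$dir/home"
    printf 'old version\n' > "$dir/bin/tool"
    chmod 4755 "$dir/bin/tool"
    ln "$dir/bin/tool" "$dir/home/stash"    # second name, same inode
    upgrade "$dir/bin/tool" "$1"
    if has_suid "$dir/home/stash"; then
        echo suid
    else
        echo clean
    fi
    rm -rf "$dir"
}

echo "rename only:         stale link is $(demo keep)"
echo "clear bits, rename:  stale link is $(demo clear)"
```

Running `audit_suid_hardlinks /` as root before an upgrade lists the setuid files on the root filesystem that have extra names and would be left behind this way.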
