
Re: basically security of linux



On 2009-01-16, Boyd Stephen Smith Jr. <bss@iguanasuicide.net> wrote:
> On Friday 2009 January 16 04:13:10 Michael Loftis wrote:
>>--On January 16, 2009 10:31:35 AM +0100 Andreas Matthus
>><Andreas.Matthus@tu-dresden.de> wrote:
>>> But since some days I mull over a question: What happens if a user runs
>>> a selfcopy from a program with a security hole? I'm afraid he can get
>>> root-rights. Isn't it?
>>In general, no.  This requires an exploitable kernel bug.  That said, there
>>have been some of these in the past, and new ones will likely be discovered
>>in the future, but that's far more rare.  Anything you run as root should
>>only ever come from trusted sources for this reason.
>
> What about hardlinking the suid-root binaries to a hidden location, waiting
> for a security hole to be found/fixed, and then running the old binary to
> exploit the hole?  Does dpkg handle suid/sgid files so that this is
> prevented?

dpkg does strip suid/sgid bits before removing the files - at least when
I tested exactly that a year ago.

/Sune
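
Added example, not part of the original message and not dpkg's code: stripping the suid bit through one name defuses every hard link, because the mode is stored in the inode, and `find` can audit for suid/sgid files that have extra links. The file names are constructed stand-ins in a temp directory, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added illustration; every path here is constructed inside a temp dir.

# Octal permission bits of a file (assumes GNU or BusyBox stat).
mode_of() { stat -c '%a' "$1"; }

# Audit: setuid/setgid regular files under $1 with more than one hard
# link, i.e. the same inode reachable under a second name.
audit_multilink_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -links +1 -print 2>/dev/null | sort
}

# Replays the scenario from the thread on a harmless text file and prints
# "<flagged before> <mode of leftover link> <flagged after>".
demo_strip() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/hidden"
    printf 'stand-in for an old suid binary\n' > "$d/bin/tool"
    chmod 4755 "$d/bin/tool"

    # A second name for the same inode, kept in a "hidden" directory.
    ln "$d/bin/tool" "$d/hidden/.old-tool"
    before=$(( $(audit_multilink_suid "$d" | wc -l) ))

    # What the reply says dpkg does: strip suid/sgid, then remove the file.
    chmod u-s,g-s "$d/bin/tool"
    rm "$d/bin/tool"

    # The leftover link shares the inode, so its mode changed as well.
    after_mode=$(mode_of "$d/hidden/.old-tool")
    after=$(( $(audit_multilink_suid "$d" | wc -l) ))

    rm -rf "$d"
    echo "$before $after_mode $after"
}

demo_strip   # prints: 2 755 0
```

On a real system, run `audit_multilink_suid /` as root to list suid/sgid inodes that have more than one name. Current Linux kernels also provide the `fs.protected_hardlinks` sysctl, which stops users from hardlinking files they do not own.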

