
Re: basically security of linux



On Friday 2009 January 16 12:29:13 Johannes Wiedersich wrote:
>Boyd Stephen Smith Jr. wrote:
>> What about hardlinking the suid-root binaries to a hidden location,
>> waiting for a security hole to be found/fixed, and then running the old
>> binary to exploit the hole?
>
>IIRC, a hard link is the same file called two different names. If
>dpkg/apt change the file in one location (security update), the other
>one will be changed as well [1]...

True enough.  However, if you unlink the old version before writing the new
version, you have a problem.  IIRC, GNU cp and GNU mv do the unlink/link
rather than opening the destination with O_CREAT|O_TRUNC|O_WRITE.
-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss@iguanasuicide.net                     ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.net/                      \_/     
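
Added example (not part of the original message or of dpkg/coreutils): the two replacement strategies discussed above, run on an ordinary file in a temporary directory, followed by a check for setuid files that have more than one hard link. The function names and file contents are constructed for illustration.

```python
import os, stat, tempfile

def replace_in_place(path, data):
    # Same inode is truncated and rewritten: every hard link sees the new bytes.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o755)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def replace_by_unlink(path, data):
    # The name is removed first, then a new inode is created under it:
    # any other hard link keeps the old inode and its old bytes.
    os.unlink(path)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o755)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def stale_copy_survives(replace):
    """Return True if a hard link still holds the old content after `replace`."""
    with tempfile.TemporaryDirectory() as d:
        target, stash = os.path.join(d, "tool"), os.path.join(d, ".stash")
        with open(target, "wb") as f:
            f.write(b"old build")          # constructed sample content
        os.link(target, stash)             # second name for the same inode
        replace(target, b"patched build")
        with open(stash, "rb") as f:
            return f.read() == b"old build"

def multilinked_setuid(root):
    """List (path, inode, link count) for setuid regular files with nlink > 1."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue                   # file vanished or is unreadable
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID and st.st_nlink > 1:
                hits.append((p, st.st_ino, st.st_nlink))
    return sorted(hits)

if __name__ == "__main__":
    print("in-place rewrite leaves stale copy:", stale_copy_survives(replace_in_place))
    print("unlink + create leaves stale copy: ", stale_copy_survives(replace_by_unlink))
    for hit in multilinked_setuid("/usr/bin"):
        print(hit)
```

The link-count check only sees the extra name while it still shares an inode with the installed file. After an unlink-style update the stale copy has a link count of 1 again and has to be found as a setuid file at a path no package owns.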
