Re: basically security of linux
On 2009-01-16, Boyd Stephen Smith Jr. <bss@iguanasuicide.net> wrote:
> On Friday 2009 January 16 04:13:10 Michael Loftis wrote:
>>--On January 16, 2009 10:31:35 AM +0100 Andreas Matthus
>><Andreas.Matthus@tu-dresden.de> wrote:
>>> But since some days I mull over a question: What happens if a user runs
>>> a selfcopy from a program with a security hole? I'm afraid he can get
>>> root-rights. Isn't it?
>>In general, no. This requires an exploitable kernel bug. That said, there
>>have been some of these in the past, and new ones will likely be discovered
>>in the future, but that's far more rare. Anything you run as root should
>>only ever come from trusted sources for this reason.
>
> What about hardlinking the suid-root binaries to a hidden location, waiting
> for a security hole to be found/fixed, and then running the old binary to
> exploit the hole? Does dpkg handle suid/sgid files so that this is
> prevented?
dpkg does strip suid/sgid bits before removing the files - at least when
I tested exactly that a year ago.
/Sune
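
An audit check for the scenario discussed in this thread, added here as an example (it is not part of the original messages and is not dpkg's own code). It lists setuid/setgid files that have more than one hard link and shows in a scratch directory why stripping the bits before removal works: the mode is stored on the inode, so every link loses it. The function names and the scratch files are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and demo files are constructed, not from the thread.

# List setuid/setgid regular files under $1 that have more than one hard link.
# Only POSIX find predicates are used. -xdev keeps the scan on one filesystem,
# which is enough because hard links cannot cross filesystems.
find_multilinked_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 \
        -exec ls -lid {} +
}

# Return 0 if the file at $1 still carries a setuid or setgid bit.
has_suid_sgid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Constructed demo: mimic the order described in the reply (strip the bits,
# then remove the packaged name) and check what the leftover link looks like.
# Returns 0 when the leftover link no longer has setuid/setgid set.
demo_strip_then_unlink() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/tool"
    chmod 4755 "$d/tool"        # stand-in for a suid binary, owned by the caller
    ln "$d/tool" "$d/.stash"    # second name for the same inode
    find_multilinked_suid "$d"  # both names are reported at this point
    chmod ug-s "$d/tool"        # mode lives on the inode, so .stash changes too
    rm "$d/tool"
    if has_suid_sgid "$d/.stash"; then r=1; else r=0; fi
    rm -rf "$d"
    return "$r"
}
```

Run `find_multilinked_suid /` (once per mounted filesystem, as root) to review existing links. On current Linux kernels the `fs.protected_hardlinks` sysctl additionally restricts unprivileged users from creating hard links to files they do not own or cannot read and write.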