Re: hard links on Linux create local DoS vulnerability and security problems

To: Bruno Lustosa <bruno@xxxxxxxxxxx>
Subject: Re: hard links on Linux create local DoS vulnerability and security problems
From: "David F. Skoll" <dfs@xxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Nov 2003 13:57:12 -0500 (EST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20031124182537.GA20997@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200311241736.29572.jlell@xxxxxxxxxxxx> <20031124182537.GA20997@xxxxxxxxxxx>

On Mon, 24 Nov 2003, Bruno Lustosa wrote:

> Just checked this on 2.6.0-test9, and it will not work.

[Keeping SUID bits by making a hard link.]

This is true even on ancient version of Linux and UNIX.

A hard link just contains a name and an inode number.  The permissions
are stored in the inode, so all hard links share the same permissions,
owner, etc.

--
David.

References:
- hard links on Linux create local DoS vulnerability and security problems
  - From: Jakob Lell
- Re: hard links on Linux create local DoS vulnerability and security problems
  - From: Bruno Lustosa

Prev by Date: Re: yet another panic() in OpenBSD
Next by Date: GLSA: glibc (200311-05)
Previous by thread: Re: hard links on Linux create local DoS vulnerability and security problems
Next by thread: Re: hard links on Linux create local DoS vulnerability and security problems
Index(es):
- Date
- Thread