[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2021-44731: Race condition in snap-confine's setup_private_mount()
From:       Simon McVittie <smcv () debian ! org>
Date:       2022-02-23 11:33:04
Message-ID: YhYbcF7Iy9rwr3V5 () momentum ! pseudorandom ! co ! uk
[Download RAW message or body]

On Wed, 23 Feb 2022 at 08:54:49 +0100, Wire Snark wrote:
> Why it isn't possible to copy the snap-confine binary into a directory
> for the same effect -- instead of hardlinking it?

If you copy a file you don't own, then the copy is owned by you, and has
permissions controlled by you: in particular, if you're not root, then the
copy can't be setuid root.

If you hard-link a file you don't own (which some kernel configurations
don't allow), then that filename points to the same inode as the original
filename, so it has the same ownership and permissions as the original file
(and in particular it's still setuid root).

    smcv
[prev in list] [next in list] [prev in thread] [next in thread]