
List:       vuln-dev
Subject:    Re: any user can make hard links in Unix
From:       Antonomasia <ant () NOTATLA ! DEMON ! CO ! UK>
Date:       1999-12-23 2:01:32

Eilert Brinkmann <eilert@INFORMATIK.UNI-BREMEN.DE> writes:

> It may be a good idea to permit only the owner of a file to hard link
> it. I don't know if this change will break anything, but at the moment
> I don't see any reason why users should be able to create hard links
> to files they don't own. Usually symlinks should do it. However, this
> would require a change in the kernel (should be easy to do).

Solar Designer's patch covers this (from false.com).  README says:

:  Restricted links in /tmp
: --------------------------
:
: I've also added a link-in-/tmp security fix, originally by Andrew Tridgell.
: I changed it to prevent from using hard links too, by not allowing non-root
: users to create hard links to files they don't own. This seems to be the
: desired behavior anyway, since otherwise users couldn't remove such links
: they just created in a +t directory. I also added exploit attempt logging.

The only snag I've found with this is that making hard links to files owned
by another user is desirable for locking, as indicated in man open(2) in
the section on O_EXCL.

--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
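
The link(2)-based lockfile technique that open(2) describes under O_EXCL, as an added example (not part of the original message and not code from Solar Designer's patch). The function names, the "uniq.<pid>" file name and the lock name are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Try to take dir/lockname. Returns 0 on success, -1 if the lock is
 * already held or the unique file could not be created. */
int acquire_link_lock(const char *dir, const char *lockname)
{
    char uniq[1024], lock[1024];
    struct stat st;
    int fd, got = -1;

    snprintf(uniq, sizeof uniq, "%s/uniq.%ld", dir, (long)getpid());
    snprintf(lock, sizeof lock, "%s/%s", dir, lockname);

    /* Unique file on the same filesystem. It is created here, so the
     * file being linked below is owned by the caller. */
    fd = open(uniq, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    /* link() either creates the lock name or fails because it exists.
     * If the return value is unreliable, a link count of 2 on the
     * unique file still proves the lock name was created. */
    if (link(uniq, lock) == 0)
        got = 0;
    else if (fstat(fd, &st) == 0 && st.st_nlink == 2)
        got = 0;

    close(fd);
    unlink(uniq);              /* the lock name stays as the only link */
    return got;
}

int release_link_lock(const char *dir, const char *lockname)
{
    char lock[1024];
    snprintf(lock, sizeof lock, "%s/%s", dir, lockname);
    return unlink(lock);
}

int main(void)
{
    int r = acquire_link_lock(".", "demo.lock");   /* constructed name */
    printf("lock %s\n", r == 0 ? "acquired" : "busy");
    if (r == 0)
        release_link_lock(".", "demo.lock");
    return 0;
}
```

Under the restriction quoted from the README, the link() call would be refused for a non-root caller whenever the file being linked belongs to another user.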
