Re: hard links create local DoS vulnerability and security problems

From: Chris Wright (chrisw_at_osdl.org)
Date: 11/25/03

    Date:	Mon, 24 Nov 2003 16:35:53 -0800
    To: bill davidsen <davidsen@tmr.com>
    
    

    * bill davidsen (davidsen@tmr.com) wrote:
    >
    > While I think you're overblowing the problem, it is an issue which might
    > be addressed in SE Linux or somewhere. I have an idea on that, but I
    > want to look before I suggest anything.

    SELinux controls hard link creation by checking, among other things,
    the security context of the process attempting the link, and the security
    context of the target (oldpath). Other MAC systems do similar, and some
    patches such as grsec and owl simply disable linking to files the user
    can't read/write to for example.

    > Bear in mind it isn't a "problem" it's "expected behaviour" for the o/s,
    > and might even be mentioned in SuS somehow. Interesting topic, but not a
    > bug, since the behaviour is as intended.

    SuS states:
            
            The implementation may require that the calling process has
            permission to access the existing file.

    Note the use of *may*.

    thanks,
    -chris

    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    
