| 1 |
Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
> |
| 3 |
> The fact that all permission and ownership information is shared is |
| 4 |
> precisely the problem. When you change ownership of the hardlink (which |
| 5 |
> you'll never know is a hardlink), you change ownership of /etc/shadow. |
| 6 |
|
| 7 |
Why should this be a problem except for a race between reading |
| 8 |
and changing the ownership? |
| 9 |
Admittedly, by using "find ... -exec ... +" the time for an exploit |
| 10 |
of the race is even increased when a "standard" chown command is used. |
| 11 |
|
| 12 |
However, it is no rocket science to write a race-free chown command |
| 13 |
in C: Just open the file and use stat() and fchown() to be sure to |
| 14 |
change only files from the "correct" user. |
| 15 |
|
| 16 |
Since this works on the filehandle and not on the filename, I think |
| 17 |
that there is no possibility for an exploit when this is used in the |
| 18 |
above find loop. |
Archives