Michael Orlitzky <mjo@g.o> wrote:
>
> The fact that all permission and ownership information is shared is
> precisely the problem. When you change ownership of the hardlink (which
> you'll never know is a hardlink), you change ownership of /etc/shadow.

Why should this be a problem except for a race between reading
and changing the ownership?
Admittedly, by using "find ... -exec ... +" the time for an exploit
of the race is even increased when a "standard" chown command is used.

However, it is no rocket science to write a race-free chown command
in C: Just open the file and use stat() and fchown() to be sure to
change only files from the "correct" user.

Since this works on the filehandle and not on the filename, I think
that there is no possibility for an exploit when this is used in the
above find loop.
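
The approach described in the message above, as an added example that is not part of the original post: open the file, check the owner with fstat() on the descriptor, and change ownership with fchown() on that same descriptor. The function name `chown_if_owner`, its return codes and the open() flags are assumptions made for this sketch.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if ownership was changed, 1 if the file was skipped because it
 * does not belong to expected_owner, -1 on error (errno is set). */
int chown_if_owner(const char *path, uid_t expected_owner,
                   uid_t new_uid, gid_t new_gid)
{
    /* Assumed flags: O_NOFOLLOW rejects a symlink as the final component,
     * O_NONBLOCK keeps open() from blocking on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    int rc = -1;
    /* fstat() and fchown() both act on the inode behind fd, so renaming or
     * replacing the path after open() cannot redirect the change. */
    if (fstat(fd, &st) == 0) {
        if (st.st_uid != expected_owner)
            rc = 1; /* e.g. a hard link to a file owned by someone else */
        else if (fchown(fd, new_uid, new_gid) == 0)
            rc = 0;
    }
    int saved = errno; /* keep the errno of the failing call, not close() */
    close(fd);
    errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 5) {
        fprintf(stderr, "usage: %s PATH EXPECTED_UID NEW_UID NEW_GID\n", argv[0]);
        return 2;
    }
    int rc = chown_if_owner(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                            (uid_t)strtoul(argv[3], NULL, 10),
                            (gid_t)strtoul(argv[4], NULL, 10));
    if (rc < 0)
        perror(argv[1]);
    return rc < 0 ? 1 : 0;
}
```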