| 1 |
On Mon, 30 Jan 2017 11:29:02 -0500 |
| 2 |
Michael Orlitzky <mjo@g.o> wrote: |
| 3 |
|
| 4 |
> On 01/30/2017 09:25 AM, Alan McKinnon wrote: |
| 5 |
> >> |
| 6 |
> >> Any user can create a hard link in its home directory |
| 7 |
> >> to /etc/shadow, so long as (a) they live on the same filesystem, |
| 8 |
> >> and (b) there are no special kernel protections in place to |
| 9 |
> >> prevent it. If you call chown on that hard link, it will change |
| 10 |
> >> the ownership of /etc/shadow. |
| 11 |
> > |
| 12 |
> > That is absolutely not true, at least for the case of classic Unix |
| 13 |
> > filesystems. |
| 14 |
> > |
| 15 |
> > ... |
| 16 |
> > |
| 17 |
> > I cannot chmod, chown or chgrp |
| 18 |
> > /etc/shadow because I do not own it, and the kernel will not let me |
| 19 |
> > ln it either: |
| 20 |
> > |
| 21 |
> > alan@khamul /alan $ ln /etc/shadow |
| 22 |
> > ln: failed to create hard link './shadow' => '/etc/shadow': |
| 23 |
> > Operation not permitted |
| 24 |
> > |
| 25 |
> |
| 26 |
> You have the fs.protected_hardlinks sysctl enabled. We patch that in |
| 27 |
> gentoo-sources, but it's off by default in vanilla-sources. Try again |
| 28 |
> with it disabled (and don't forget to turn it back on). Once the hard |
| 29 |
> link has been created, a "chown -R foo /alan" or the equivalent "find |
| 30 |
> ..." command will change the ownership of /etc/shadow. |
| 31 |
> |
| 32 |
> |
| 33 |
|
| 34 |
No, that is also enabled by default on vanilla kernels, I just verified |
| 35 |
on my machine running a vanilla kernel. It doesn't matter anyway, since |
| 36 |
the permissions and ownership information is stored in the inode, not |
| 37 |
the dentry so all hardlinks have exactly the same permissions. |
Archives