On Mon, 2014-11-10 at 13:28 -0500, Stephen Frost wrote: > Should there be a hard-link count check also..? Haven't really thought > it all the way through, but that's a common thing to check also.. hmm not sure if that helps anything... A normal user cannot create hardlinks on files owned by other users, right? So if the owner check already shows that the socket belongs to the current user, then no on (but a evil root) could have created such hardlink, except the user itself. And since no one but root can chown the owern of a file, it should neither work, that a evil userB creates a mux socket, hardlinks it and then changes the owner to good userA of one of the hardlinks. Or am I wrong? (I'm truly no expert in these kind of filesystem level hacks) Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
