Re: BUG: simple attack when control channel muxing is used (was: Re: ControlMaster question)

On Mon, 2014-11-10 at 13:28 -0500, Stephen Frost wrote: 
> Should there be a hard-link count check also..?  Haven't really thought
> it all the way through, but that's a common thing to check also..
hmm not sure if that helps anything... 

A normal user cannot create hardlinks on files owned by other users,
right?

So if the owner check already shows that the socket belongs to the
current user, then no one (but an evil root) could have created such a
hardlink, except the user itself.

And since no one but root can chown the owner of a file, it should
not work either that an evil userB creates a mux socket, hardlinks it and
then changes the owner of one of the hardlinks to good userA.

Or am I wrong? (I'm truly no expert in these kinds of filesystem-level
hacks)


Cheers,
Chris.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
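
The owner check and the hard-link count check discussed in this message, written out in C as an added example; it is not part of the thread and not OpenSSH's code. The names check_mux_socket and demo and the /tmp/muxdemo... paths are hypothetical, and the socket it inspects is constructed by the example itself.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum mux_check { MUX_OK, MUX_ERR_STAT, MUX_NOT_SOCKET, MUX_WRONG_OWNER, MUX_EXTRA_LINKS };

/* Hypothetical helper (not OpenSSH code): vet a control socket path. */
enum mux_check check_mux_socket(const char *path, uid_t expected)
{
    struct stat st;
    if (lstat(path, &st) == -1) return MUX_ERR_STAT;     /* lstat: never follow a symlink */
    if (!S_ISSOCK(st.st_mode))  return MUX_NOT_SOCKET;
    if (st.st_uid != expected)  return MUX_WRONG_OWNER;  /* the owner check */
    if (st.st_nlink != 1)       return MUX_EXTRA_LINKS;  /* the hard-link count check */
    return MUX_OK;
}

/* Constructed input: socket in a private temp dir, optionally hard-linked. */
enum mux_check demo(int add_hardlink, uid_t expected)
{
    char dir[] = "/tmp/muxdemoXXXXXX", alias[64];
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    enum mux_check r = MUX_ERR_STAT;
    int fd;

    if (mkdtemp(dir) == NULL)
        return r;
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/ctl", dir);
    snprintf(alias, sizeof alias, "%s/ctl.alias", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        (!add_hardlink || link(sa.sun_path, alias) == 0))
        r = check_mux_socket(sa.sun_path, expected);
    close(fd);
    unlink(alias);
    unlink(sa.sun_path);
    rmdir(dir);
    return r;
}

int main(void)
{
    printf("%d %d %d\n", demo(0, geteuid()), demo(1, geteuid()), demo(0, geteuid() + 1));
    return 0;
}
```

The check describes the path at the moment of the lstat call, so it only carries weight when the directory holding the socket is not writable by other users.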
