oss-sec mailing list archives
Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()
From: Simon McVittie <smcv () debian org>
Date: Wed, 23 Feb 2022 11:33:04 +0000
On Wed, 23 Feb 2022 at 08:54:49 +0100, Wire Snark wrote:
Why it isn't possible to copy the snap-confine binary into a directory for the same effect -- instead of hardlinking it?
If you copy a file you don't own, then the copy is owned by you, and has permissions controlled by you: in particular, if you're not root, then the copy can't be setuid root. If you hard-link a file you don't own (which some kernel configurations don't allow), then that filename points to the same inode as the original filename, so it has the same ownership and permissions as the original file (and in particular it's still setuid root). smcv
Current thread:
- CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Qualys Security Advisory (Feb 17)
- Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Wire Snark (Feb 23)
- Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Simon McVittie (Feb 23)
- Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Wire Snark (Feb 23)