Vulnerability Development mailing list archives
Re: any user can make hard links in Unix
From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Thu, 23 Dec 1999 02:01:32 GMT
Eilert Brinkmann <eilert () INFORMATIK UNI-BREMEN DE> writes:
> It may be a good idea to permit only the owner of a file to hard link it. I don't know if this change will break anything, but at the moment I don't see any reason why users should be able to create hard links to files they don't own. Usually symlinks should do it. However, this would require a change in the kernel (should be easy to do).
Solar Designer's patch covers this (from false.com). README says:

: Restricted links in /tmp
: --------------------------
:
: I've also added a link-in-/tmp security fix, originally by Andrew Tridgell.
: I changed it to prevent from using hard links too, by not allowing non-root
: users to create hard links to files they don't own. This seems to be the
: desired behavior anyway, since otherwise users couldn't remove such links
: they just created in a +t directory. I also added exploit attempt logging.

The only snag I've found with this is that making hard links to files owned by another user is desirable for locking, as indicated in man open(2) in the section on O_EXCL.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                   #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
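The link-based locking idiom that open(2) documents under O_EXCL, which the reply above refers to, written out as an added example (not code from the post or from Solar Designer's patch). The function names and the `tag` parameter are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Try to take `lockfile` with the link(2) idiom from open(2): create a
 * uniquely named file next to it, hard link that file to the lock name,
 * and fall back to the link count if link() reports failure.
 * Returns 1 if the lock was acquired, 0 if it is already held, -1 on error.
 * `tag` (hypothetical) keeps the temporary name unique per caller. */
int acquire_link_lock(const char *lockfile, const char *tag)
{
    char unique[4096];
    struct stat st;
    int fd, got;

    if (snprintf(unique, sizeof unique, "%s.%s.%ld", lockfile, tag,
                 (long)getpid()) >= (int)sizeof unique)
        return -1;

    /* Nobody else uses this name, so O_EXCL here cannot race. */
    fd = open(unique, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    /* link() is atomic and fails if the lock name already exists.
     * This is the call a kernel hard-link restriction would gate. */
    if (link(unique, lockfile) == 0)
        got = 1;
    else  /* the return value may be wrong over NFS; st_nlink == 2 decides */
        got = (fstat(fd, &st) == 0) ? (st.st_nlink == 2) : -1;

    close(fd);
    unlink(unique);   /* the lock name, if created, keeps the inode alive */
    return got;
}

/* Release the lock by removing the lock name. */
int release_link_lock(const char *lockfile)
{
    return unlink(lockfile);
}
```
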