Bugtraq mailing list archives

Re: hard links on Linux create local DoS vulnerability and security problems

From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Mon, 24 Nov 2003 13:57:12 -0500 (EST)

On Mon, 24 Nov 2003, Bruno Lustosa wrote:

Just checked this on 2.6.0-test9, and it will not work.


[Keeping SUID bits by making a hard link.]

This is true even on ancient version of Linux and UNIX.

A hard link just contains a name and an inode number.  The permissions
are stored in the inode, so all hard links share the same permissions,
owner, etc.

--
David.

Current thread:

hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Brian Bennett (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Bruno Lustosa (Nov 24)
  - Re: hard links on Linux create local DoS vulnerability and security problems David F. Skoll (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Steven Leikeim (Nov 24)
- Re: [Full-Disclosure] hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 24)
- <Possible follow-ups>
- Re: hard links on Linux create local DoS vulnerability and security problems Alan J Rosenthal (Nov 24)
  - Re: hard links on Linux create local DoS vulnerability and security problems Carl Ekman (Nov 24)
  - Re: hard links on Linux create local DoS vulnerability and security problems Casper Dik (Nov 24)