Comment 13 for bug 634183
Revision history for this message
|
|
#13 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
(In reply to comment #6)
> The mechanism for the escalation vector for all of
> setuid/setgid has CVE (and ancient fix resurrected)
> capabilities has CVS (and current fix)
> ACL's "wrong"
> XATTR's SE Linux uses these
> is identical:
>
> Robert uses RPM to install a file on a path attaching metadata to inode.
> Malicious Mark (or Sysadmin Susie) creates a hardlink to the file.
> Robert removes the package and RPM removes the file it created.
At this point, Mark has a hard link to a file that was previously RPM-managed. You haven't described the actual escalation.
> Either _ALL_ or _NONE_ of the metadata cleanup issues that are left attached to
> Mark's
> hardlink that (possibly) can be used as escalation vectors need to be addressed
> by RPM.
POSIX ACLs do not constitute an escalation vector that would allow a user to run the executable with privileges he/she could not otherwise obtain.