[UFS] Broken suiddir? (+patch)
Andre Guibert de Bruet
andy at siliconlandmark.com
Wed Mar 24 10:21:53 PST 2004
On Tue, 23 Mar 2004, Rafal Skoczylas wrote:
> from mount(8):
> [...]
> suiddir
> A directory on the mounted file system will respond to
> the SUID bit being set, by setting the owner of any new
> files to be the same as the owner of the directory. New
> directories will inherit the bit from their parents.
> Execute bits are removed from the file, and it will not
> be given to root.
>
> This feature is designed for use on fileservers serving
> PC users via ftp, SAMBA, or netatalk. It provides secu-
> rity holes for shell users and as such should not be used
> on shell machines, especially on home directories.
> [...]
>
> Additionaly, would someone be so kind to describe the risk caused by using
> SUIDDIR (mentioned in man) in more detail? Is there any "hidden" risk
> except those obvious (like created files that look like if someone else
> created them)? I tried searching google for such information but with
> no luck so far.
Imagine a scenario where a user uploads via SMB a windows executable and
another trojans it. User 1 has no idea that the file has been tampered
with and runs it. You've got yourself a problem.
Regards,
> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/ >
More information about the freebsd-current
mailing list