linkat(2) Operation not permitted
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue Sep 17 18:08:54 UTC 2013
On Sun, Sep 15, 2013 at 04:21:04PM -0700, Oleg Ginzburg wrote:
> Hi
>
> For some reason, creating a hardlink within one UFS fails for /usr/bin/chfn
> with "operation not permitted" messages (other files are OK)

This is because this file has the 'schg' flag set. See:

	# ls -lo /usr/bin/chfn

So this is a difference in the handling of the 'schg' flag by UFS and ZFS.

I think I like the UFS behaviour better. If a regular user has write access to
some directory, which is part of the same file system as the set-uid
binary, then he can create a hardlink to the set-uid file and wait for a
security hole to be found in this set-uid file. For example, if /tmp/ and
/usr/bin/ are on a single file system, I could create a hardlink to chfn
and other set-uid-root binaries, and once a security hole is found and even
if the system is updated, I still have access to the old set-uid-root binary
to exploit.

My suggestion would be to change the ZFS behaviour to not allow hardlinks if
the 'schg' flag is set. Something like this (not even compile-tested):

	http://people.freebsd.org/~pjd/patches/zfs_vnops.c.8.patch

--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
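
Added example, not part of the original message or of FreeBSD: a defender-side audit in Python for the situation described above, listing set-uid/set-gid regular files that have more than one hard link and reporting whether 'schg' is set. The function name and the result fields are assumptions made for this illustration.

```python
import os
import stat
from collections import defaultdict

SETID = stat.S_ISUID | stat.S_ISGID


def find_multilinked_setid(roots):
    """Hypothetical helper: report set-id regular files with st_nlink > 1.

    Links are grouped by (st_dev, st_ino), so every name of one inode that
    lies under the scanned roots ends up in the same finding.
    """
    groups = defaultdict(set)    # (st_dev, st_ino) -> paths seen
    meta = {}                    # (st_dev, st_ino) -> stat result
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)      # never follow symlinks
                except OSError:
                    continue                 # vanished or unreadable
                if not stat.S_ISREG(st.st_mode):
                    continue
                if not (st.st_mode & SETID) or st.st_nlink < 2:
                    continue
                key = (st.st_dev, st.st_ino)
                groups[key].add(path)
                meta[key] = st
    findings = []
    for key, paths in groups.items():
        st = meta[key]
        flags = getattr(st, "st_flags", 0)   # st_flags is BSD-specific
        findings.append({
            "paths": sorted(paths),
            "nlink": st.st_nlink,
            # names of this inode outside the scanned roots (or unreadable)
            "unseen_links": st.st_nlink - len(paths),
            "owner_uid": st.st_uid,
            "schg": bool(flags & stat.SF_IMMUTABLE),
        })
    return findings


if __name__ == "__main__":
    import sys
    for finding in find_multilinked_setid(sys.argv[1:] or ["/"]):
        print(finding)
```

A non-zero "unseen_links" means the inode has further names outside the scanned roots, so run the scan over every directory on the same file system before treating an updated binary as fully replaced.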