Xref: utzoo comp.unix.wizards:13108 news.admin:4150 news.sysadmin:1781 comp.mail.uucp:2435 Path: utzoo!utgpu!watmath!clyde!att!rutgers!cmcl2!nrl-cmf!ukma!tut.cis.ohio-state.edu!cwjcc!mailrus!uwmcsd1!marque!uunet!munnari!vuwcomp!apmpyr!pgfdp From: pgfdp@nzapmb.co.nz (Paul Fox ) Newsgroups: comp.unix.wizards,news.admin,news.sysadmin,comp.mail.uucp Subject: Re: why chroot(1) isn't setuid (was: Dangerous hole in Usenet!) Summary: why allow links to s[ug]id files? Message-ID: <162@apmpyr.nzapmb.co.nz> Date: 2 Dec 88 21:42:02 GMT References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP> <1727@solo11.cs.vu.nl> Reply-To: pgfdp@nzapmb.co.nz (Paul Fox (Wellington)) Followup-To: comp.unix.wizards Organization: NZ Apple and Pear Marketing Board, Wellington, NZ Lines: 25 This topic started in the new.admin groups or somewhere, and it was explained why chrooting needs to be restricted to root, even though chroot seems on first blush to result in a restriction of privelege, not an expansion of privelege. Can someone tell me -- if the problems of chroot'ing are due to being able to ln an suid'ed file (e.g. "ln /bin/su /tmp; chroot /tmp ..."), and if the problems of set-uid shell scripts are due to being able to ln to an suid'ed script, could it be that we could kill several birds with one stone by preventing hard links to files with the suid bit set, and conversely not setting the bit on files with multiple links? Of course, I suppose it would be safe for the owner of an suid file to link to it. For symlinks, of course, the permission checking would need to be done when the link is followed, since you can't follow symlinks backwards when the "chmod u+s" is done. Perhaps the suid bit could be ignored if the inode was reached via symlink? What would be the cost of this inelegance? Are multiple links to suid files necessary? Would this sort of change be crushed by backwards incompatibility? ------------ paul fox, currently reachable as pgfdp@apmpyr.nzapmb.co.nz