Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20111202024643.GA10717@openwall.com>
Date: Fri, 2 Dec 2011 06:46:43 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: Re: [owl-cvs] Owl/packages/rpm

On Fri, Dec 02, 2011 at 05:30:44AM +0400, Dmitry V. Levin wrote:
> In Sisyphus, to mitigate the effect, I relaxed the hardening by limiting
> zeroing permissions of regular files to set[ug]id executables (devices and
> other non-regular files thus remain the subject of permissions zeroing):
> http://git.altlinux.org/gears/r/..git?p=rpm.git;a=commitdiff;h=3946369bfbc2e47f0742a397362c23c9aeafd03f

This makes sense to me.  Can you get this into Owl as well, please?

Also, we (you?) need to post a follow-up to the thread on oss-security.

> But the example of 'screen' shows that even a set[ug]id executable can be
> a (rare?) subject for legal hardlinking, which leaves us nothing but
> workarounds like manual files removal in %preun scripts.

Yes.

> If we could
> distinguish %ghost files from others on removal, that would really help us
> to fix the problem.

Maybe, but this would not help with hard-linked trees created by an
admin using "cp -al".  These are indistinguishable from "malicious"
hard-links created by non-admins.

Well, arguably removing/upgrading a package in one of such trees and
hoping that the rest would not be affected is naive, though.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.