Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Wed, 7 Sep 2011 13:15:56 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: /tmp fs type

Solar,

While we have an option to set up /tmp as tmpfs, we probably should
support bind mounts for /tmp (and /home?) to deny creating links to sxid
binaries:

root@...atros:/tmp # ls /bin/ping -li
6223708 -rwx--s--x 1 root _icmp 34336 Mar 28 13:44 /bin/ping
root@...atros:/tmp # ln /bin/ping .
root@...atros:/tmp # ls -li ping 
6223708 -rwx--s--x 2 root _icmp 34336 Mar 28 13:44 ping
root@...atros:/tmp # rm ping 
root@...atros:/tmp # cd ..
root@...atros:/ # mount --bind /tmp /tmp
root@...atros:/ # ln /bin/ping /tmp
ln: creating hard link `/tmp/ping' to `/bin/ping': Invalid cross-device link

Thanks,

-- 
Vasiliy
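
The check the message performs by hand, as an added example that is not part of the original post: it reads mount data in /proc/self/mountinfo format and reports whether a directory sits under a different mount than an sxid binary, which is the condition that makes ln fail with "Invalid cross-device link". The function names and the sample mount tables are assumptions constructed for illustration.

```shell
# Added example, not from the original post; function names are hypothetical.
# link(2) returns EXDEV when source and target are under different mounts,
# even when a bind mount exposes the same underlying filesystem.

# covering_mount MOUNTINFO PATH: print the mount ID (field 1) of the entry whose
# mount point (field 5) is the longest prefix of PATH. Later entries win ties,
# since a newer mount shadows an older one at the same mount point.
covering_mount() {
    awk -v p="$2" '
        BEGIN { best = 0 }
        { mp = $5 }
        mp == "/" || p == mp || index(p, mp "/") == 1 {
            if (length(mp) >= best) { best = length(mp); id = $1 }
        }
        END { if (id == "") exit 1; print id }
    ' "$1"
}

# hardlink_blocked MOUNTINFO DIR FILE: exit 0 if DIR and FILE sit under
# different mounts (link fails), 1 if same mount, 2 if a lookup failed.
hardlink_blocked() {
    dir_id=$(covering_mount "$1" "$2") || return 2
    file_id=$(covering_mount "$1" "$3") || return 2
    [ "$dir_id" != "$file_id" ]
}

# Constructed samples in /proc/self/mountinfo format, before and after
# "mount --bind /tmp /tmp" on a host with a single root filesystem.
sample_before() {
    printf '%s\n' '21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw' \
        '22 21 0:5 / /proc rw,nosuid - proc proc rw'
}
sample_after() {
    sample_before
    printf '%s\n' '30 21 8:1 /tmp /tmp rw,relatime - ext4 /dev/sda1 rw'
}

# audit MOUNTINFO: check the directories named in the post against /bin/ping.
audit() {
    for d in /tmp /home; do
        if hardlink_blocked "$1" "$d" /bin/ping; then
            echo "$d: separate mount, hard links to /bin/ping fail"
        else
            echo "$d: shares a mount with /bin/ping, hard links possible"
        fi
    done
}

f=$(mktemp) && sample_after > "$f" && audit "$f"; rm -f "$f"
```

On a live system, pass /proc/self/mountinfo as the argument to audit instead of the constructed sample.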
