Date: Thu, 8 Sep 2011 12:12:49 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: /tmp fs type

On Wed, Sep 07, 2011 at 02:47:50PM +0400, Vasiliy Kulikov wrote:
> On Wed, Sep 07, 2011 at 14:19 +0400, Solar Designer wrote:
> > On Wed, Sep 07, 2011 at 01:49:45PM +0400, Vasiliy Kulikov wrote:
> > > How does the hardlink hardening protect against hardlinking into /home?
> > 
> > By not letting a user create hard links to files that they don't have
> > write permissions for.
> 
> -ow for 2.4 didn't have such protection, did it?  At least I'm not aware
> of it.

It did, and -ow for 2.0 and 2.2 did as well.

--- linux-2.4.37.9.orig/fs/namei.c	2010-02-01 21:04:46 +0000
+++ linux-2.4.37.9/fs/namei.c	2010-02-18 14:04:42 +0000
@@ -1653,6 +1726,31 @@ int vfs_link(struct dentry *old_dentry, 
 	if (!dir->i_op || !dir->i_op->link)
 		goto exit_lock;
 
+#ifdef CONFIG_HARDEN_LINK
+	/*
+	 * Don't allow users to create hard links to files they don't own,
+	 * unless they could read and write the file or have CAP_FOWNER.
+	 *
+	 * The real UID check is here as a workaround for atd(8) only, to
+	 * be removed one day.
+	 */
+	if (current->fsuid != inode->i_uid &&
+	    (!S_ISREG(inode->i_mode) ||
+	    (inode->i_mode & S_ISUID) ||
+	    ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
+	    (error = permission(inode, MAY_READ | MAY_WRITE))) &&
+	    !capable(CAP_FOWNER) &&
+	    current->uid) {
+		security_alert("denied hard link to %d.%d "
+			"for UID %d, EUID %d, process %s:%d",
+			"hard links denied",
+			inode->i_uid, inode->i_gid,
+			current->uid, current->euid,
+			current->comm, current->pid);
+		goto exit_lock;
+	}
+#endif
+
 	DQUOT_INIT(dir);
 	lock_kernel();
 	error = dir->i_op->link(old_dentry, dir, new_dentry);
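
Review bot: In the new `if` condition, `error` is assigned only when the `permission(inode, MAY_READ | MAY_WRITE)` sub-expression is actually evaluated, so the denial paths that short-circuit before it (non-regular file, S_ISUID set, S_ISGID together with S_IXGRP) reach `goto exit_lock` with whatever `error` held before this hunk, while the permission path leaves with permission()'s return value. Setting `error` explicitly inside the block, just before the `goto`, would make the returned code the same for every denial and independent of code outside the hunk. The comment block also describes only the ownership, read/write and CAP_FOWNER conditions; it would help to state there that hard links to non-regular files and to SUID or SGID-executable files not owned by the caller are refused regardless of permissions, and that the atd(8) workaround is the `current->uid` test, which exempts any process whose real UID is 0.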

Similar restrictions for FreeBSD:

http://freebsd.monkey.org/freebsd-security/200403/msg00077.html

I think this has since become a standard feature on FreeBSD.

Alexander
