Boyd Stephen Smith Jr. wrote:
> What about hardlinking the suid-root binaries to a hidden location, waiting
> for a security hole to be found/fixed, and then running the old binary to
> exploit the hole? Does dpkg handle suid/sgid files so that this is
> prevented?

Hi,
Having /home, /tmp, (/usr)?/s?bin and /opt on different partitions is a
solution. A normal user should not have the right to create a file
outside /home or /tmp, and there should be no SUID file outside
(/usr)?/s?bin or /opt. No hard-linking is possible across devices.
François.
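
One way to check a host against the layout described in the reply above, as an added example that is not part of the original thread. It assumes GNU coreutils `stat` (as on Debian); the function names and the `--audit` switch are made up for this sketch, and the directory lists are taken from the message.

```shell
#!/bin/sh
# Added example: audit a host against the partition layout described above.
# Assumption: GNU coreutils `stat -L -c` (as on Debian). Directory lists are
# taken from the message; adjust them to the host being checked.

# Device number of the filesystem that holds $1 (symlinks followed).
dev_of() { stat -L -c %d -- "$1"; }

# Setuid/setgid regular files under $1, staying on that filesystem.
suid_files() {
    find -H "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Setuid/setgid files under $1 that have more than one hard link, i.e.
# another name for the same inode exists somewhere on that filesystem.
multilinked_suid() {
    find -H "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 -print
}

# Print "WRITABLE SUID" for each directory pair on the same device, where
# link(2) from one tree into the other would not fail with EXDEV.
# $1 and $2 are space-separated directory lists.
shared_fs_pairs() {
    for w in $1; do
        [ -d "$w" ] || continue
        for s in $2; do
            [ -d "$s" ] || continue
            if [ "$(dev_of "$w")" = "$(dev_of "$s")" ]; then
                printf '%s %s\n' "$w" "$s"
            fi
        done
    done
}

# Run the full audit only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    user_dirs="/home /tmp"
    suid_dirs="/bin /sbin /usr/bin /usr/sbin /opt"
    echo "== user-writable and SUID trees sharing a filesystem =="
    shared_fs_pairs "$user_dirs" "$suid_dirs"
    echo "== SUID/SGID files inside user-writable trees =="
    for d in $user_dirs; do suid_files "$d" 2>/dev/null || true; done
    echo "== SUID/SGID files with extra hard links =="
    for d in $suid_dirs; do multilinked_suid "$d" 2>/dev/null || true; done
fi
```

Run it as root so that `find` can read every directory; all three sections print nothing on a host that matches the layout in the reply.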