On Sat, 30 Dec 2006, Colin Percival wrote:
Bill Moran wrote:
You also describe a scenerio where a user can create a jail of his own
design and give himself root inside it, thus allowing him to use the setuid
trick to get root on the host as well. The place this falls down is that
the user would need to already have root to create the jail in the first
place.
Not necessarily. An unprivileged user can create hard links to binaries he
doesn't own, including suid binaries.
BTW, I understand that Solaris has now changed the default to be that users
cannot hard link files they don't own. We have a sysctl option for that -- if
this is now a widespread default, I wonder if we should be considering
switching the default?
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
