-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/13/2015 07:47 PM, Daniel Kahn Gillmor wrote: > On Fri 2015-02-13 12:28:25 -0500, Kristian Fiskerstrand wrote: >> The startup-scripts provided by whichever sane distribution >> should fix this anyways to be a non-issue. From the Gentoo >> /etc/init.d/sks-db: >> >> start_pre() { checkpath --owner sks:sks --directory \ ${SKS_DIR} >> ${SKS_DIR}/KDB ${SKS_DIR}/PTree checkpath --owner sks:sks --file >> \ ${SKS_DIR}/*.log ${SKS_DIR}/KDB/* ${SKS_DIR}/PTree/* } > > I don't know what checkpath is, but i assume it's intended to force > the ownership to a given user.
init helper that is part of OpenRC (for those of us that can't stand the systemd philosophy). A copy of the source at [0] > > This suggests that (depending on the kernel version and > configuration, i guess) the sks process can actually take control > over arbitrary files in the same filesystem by hardlinking them > into those locations. > > For example, if someone uses the same filesystem for their entire > machine (a common configuration these days) then somoene who has > taken control of an sks instance can do: > > ln /etc/passwd ${SKS_DIR}/passwd.log > > then at the next service start, /etc/passwd will be owned as > sks:sks. Curious attack vector, from a quick glance this would actually work :| Thanks for pointing that out, will look into how to mitigate that. Reference: [0] https://github.com/OpenRC/openrc/blob/master/src/rc/checkpath.c - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- "History repeats itself; historians repeat each other" (Philip Guedalla) -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU3kkRAAoJEP7VAChXwav6Kv8H/0wP4n/nqNqEZfV9eklw/UDL wMJrOXuH/N0mjlFOZOYXE6ts/6fKPAxq3NaQjOEr8w6roC+HQGirqEj3foLBVhpi 472CWAh9Q20azE+XGD9/Mzt2oL/W4sr6qKmdP+Ae+p9C73ergUPRF7kNttyUeUge txR8fNRhRjo+IXuQLdo2DqEVHOFAi/2Y5MninxL5jULZRI+B6UruUq1+ezDv0aBl kme4vq+/9OvEp5W6WVHDLP5bSukAZdsG8eYTaJxdhh8AMe7FHlxoKwpO2VcqLYyF YORZm39LDzANemXWSnMvDeQSMACRxf/ylZyTHoqT3kWLJp/U/nrg0UXOdJ0RZLc= =DG6j -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel