From: Bruce S. <bw...@ar...> - 2004-04-27 17:21:58

> > > While I'm on the topic, I think another potential hole is the linuxrc
> > > script that discovers the etc.tar.bz2 file on boot... since multiple
> > > locations are checked, if an unprivileged user can introduce an
> > > etc.tar.bz2 file onto a drive that is checked before the real one, then
> > > they can control the machine on the next reboot. We should check the
> > > file for "root" ownership and that it is not writable by anyone else
> > > before loading it. Of course, not being a bash master, I'm not sure how to
> > > write that...
> > >
> > That won't work because a regular user could run "chmod 600 etc.tar.bz2"
> > and then a "chown root etc.tar.bz2" once they are done creating it.
> > (unless we restrict execution of chown/chmod only to root)
> >
> > You'll have to make sure a normal user doesn't have write access to the
> > root directory of any partition checked by linuxrc. Unless you have
> > another idea .... ?
>
> Not true, a non-privileged user can't reassign ownership to another
> user... I ran a quick test and confirmed it on my box.

OK, that appears to be the case now. I haven't tried that for a long time
on Linux. BTW, I can still do it on HP-UX 11.0, just tried it.

That being the case, I'm still not sure it's worth checking in linuxrc.
Mainly because not all filesystems support the concept of "owner",
especially floppies & USB memory sticks, which are formatted as FAT.

If you use LVM for your disk partitions (as specified in the DL docs),
then you won't have the problem because linuxrc doesn't check LVM
volumes.

If you use normal partitions, make sure that their root directory is
only root writable. That, with the fact that normal users can't mount
partitions, should keep you safe.

- BS
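The check proposed at the top of this thread (root ownership, no group/other write on the tarball), combined with the two caveats Bruce raises (FAT media record no owner, and the directory holding the file must not be writable by others), as an added shell example that is not from the original thread or from the project's own linuxrc. It assumes a Linux `stat` that supports `-c` and `-f` (GNU coreutils or busybox) and that such a `stat -f %T` reports FAT media as `msdos` (an assumption); the function names and the optional second argument (the required owner uid, defaulting to 0 so linuxrc would call it with the path only) are the example's own.

```shell
#!/bin/sh
# Added example, not the project's linuxrc code. Assumes Linux with a
# stat(1) that supports -c (file fields) and -f (filesystem fields).

# writable_by_others MODESTR
# MODESTR is the 10-character "%A" string from stat, e.g. "-rw-r--r--".
# Returns 0 (true) if the group write bit (6th char) or the other write
# bit (9th char) is set.
writable_by_others() {
    case "$1" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# fs_has_ownership PATH
# Returns 1 when PATH lives on a FAT variant, which stores no owner or
# permission bits at all (the kernel synthesises them from mount options,
# so an ownership check there proves nothing). Filesystem type names are
# those printed by GNU/busybox stat -f %T (assumption: FAT shows as "msdos").
fs_has_ownership() {
    fstype=$(stat -f -c '%T' "$1" 2>/dev/null) || return 1
    case "$fstype" in
        msdos|vfat|fat*|exfat) return 1 ;;
    esac
    return 0
}

# check_etc_tarball FILE [OWNER_UID]
# Returns 0 only when FILE is a regular file on an ownership-aware
# filesystem, and both FILE and the directory containing it are owned by
# OWNER_UID (default 0, i.e. root) and not writable by group or others.
# Checking the directory too covers the case Bruce describes: a 600 root
# file in a world-writable directory can simply be replaced.
check_etc_tarball() {
    f=$1
    want_uid=${2:-0}
    [ -f "$f" ] || return 1
    fs_has_ownership "$f" || return 1
    dir=$(dirname "$f")
    for p in "$f" "$dir"; do
        # %u = numeric owner uid, %A = symbolic mode string
        set -- $(stat -c '%u %A' "$p" 2>/dev/null)
        [ "$1" = "$want_uid" ] || return 1
        writable_by_others "$2" && return 1
    done
    return 0
}

# Usage as linuxrc would call it (root-owned file required):
#   for d in /mnt/floppy /mnt/usb /mnt/hda1; do
#       if check_etc_tarball "$d/etc.tar.bz2"; then
#           tar -xjf "$d/etc.tar.bz2" -C / ; break
#       fi
#   done
```

Note that the FAT rejection is deliberate: on a FAT floppy or USB stick every file appears owned by whatever uid the mount options say, so a passing ownership check there would be false assurance, which is exactly the point of the thread.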