cvs commit: src/bin/rm rm.1 rm.c
Simon 'corecode' Schubert
corecode at fs.ei.tum.de
Sun Nov 5 02:29:15 PST 2006
Victor Balada Diaz wrote:
On Sat, Nov 04, 2006 at 06:26:39PM -0800, Matthew Dillon wrote:
dillon 2006/11/04 18:26:39 PST
DragonFly src repository
Modified files:
bin/rm rm.1 rm.c
Log:
Sync our rm -P option with OpenBSD - if the file has a hardlink count
greater then one do not overwrite it or remove it, and issue a warning.
If you use -P you know what you're doing, or at least if you use -f
with -P. DragonFly by default allows any user to do a hard link to
a file he doesn't own, so if you really want to delete file contents
you must be able to.
I think in any case, rm -P should remove setuid/gid bits from the file, because if your intention originally was to completely remove the file, and suddenly it (and its links) stay arround, still with setuid set, it could be quite bad.
The situation I have in my head is (courtesy of vbd):
/home symlink to /usr/home
eviluser$ ln /usr/bin/lpr /usr/home/eviluser/tmp/lpr-faulty
# yay. lpr-faulty is setuid root
# security advisory: vuln in lpr
root# rm -P /usr/bin/lpr
root# # eh? warning? whatever, never find out where the link is
root# rm /usr/bin/lpr
root# install -mode 1555 /root/fixed-lpr /usr/bin/lpr
# one month later
eviluser$ exploit ~/tmp/lpr-fault
cheers
simon
--
Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\
Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ /
Party Enjoy Relax | http://dragonflybsd.org Against HTML \
Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00002.pgp
Type: application/octet-stream
Size: 252 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/commits/attachments/20061105/54957fe1/attachment-0022.obj>
More information about the Commits
mailing list