On Sun, 13 Aug 2006 03:41:35 -0500
Corey Wright <undefined@pobox.com> wrote:
> the problem: when using dpkg to upgrade a package that contains setuid/gid
> files which have been unified/hashified, dpkg wants to first chmod 600 the
> files before unlinking them (in case somebody has hardlinked to a security
> susceptible file which will remain even after the upgrade because of the
> hardlink). of course, as the files are immutable, the chmod fails, but
> this behavior is never seen for all other files because dpkg unlinks them
> without chmoding them first (and unlinking is allowed).

one solution to the security issue that i forgot to mention is to keep
user-writable directories on separate file systems than setuid/gid files as
hardlinks cannot cross file systems.

i implement this philosophy on all my larger installations (ie the vserver
host, my workstation), but i haven't done this within vserver guests
because there are no user directories (ie /home/*) and most of my guests
are small (<= 200 MB as they merely provide a single service, not host tons
of data).

it seems somewhat cumbersome, though definitely doable, to have two
partitions in every vserver with user-level access, especially for smaller
vservers.

are there any other options?

corey
--
undefined@pobox.com

Received on Sun Aug 13 19:32:03 2006
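
An added example, not part of the original message: a Python audit for the condition discussed above, where setuid/setgid files share a file system with directories that users can write to. It stays on one file system, reports each such file's link count and how many of its links lie outside the walked tree; the function name and report layout are choices made for this example.

```python
import os
import stat
import sys

SETID = stat.S_ISUID | stat.S_ISGID

def audit_hardlink_exposure(root):
    """Audit one file system, starting at root, for the hardlink problem.

    Returns a dict with:
      setid          inode -> {"paths": [...], "nlink": n, "outside": n}
      writable_dirs  world-writable directories on the same file system
      exposed        True if both of the above are non-empty
    """
    root_dev = os.lstat(root).st_dev
    setid, writable_dirs = {}, []
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not descend into other file systems: hardlinks cannot cross them.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            writable_dirs.append(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID:
                entry = setid.setdefault(
                    st.st_ino, {"paths": [], "nlink": st.st_nlink})
                entry["paths"].append(path)
    for entry in setid.values():
        # Names of this inode that were not found under root, for example
        # unified copies in other guests or a link kept in another directory.
        entry["outside"] = entry["nlink"] - len(entry["paths"])
    return {"setid": setid, "writable_dirs": writable_dirs,
            "exposed": bool(setid and writable_dirs)}

if __name__ == "__main__":
    report = audit_hardlink_exposure(sys.argv[1] if len(sys.argv) > 1 else "/")
    for entry in report["setid"].values():
        if entry["nlink"] > 1:
            print(entry["nlink"], "links,", entry["outside"],
                  "outside tree:", *entry["paths"])
    print("world-writable dirs on this file system:",
          len(report["writable_dirs"]))
    print("exposed" if report["exposed"] else "not exposed")
```

Run it once per mounted file system inside the guest; a file system that holds setuid/setgid files and reports no world-writable directories matches the separate-partition layout described in the message.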