Re: [Vserver] dpkg fails when upgrading hashified setuid files

From: Corey Wright <undefined_at_pobox.com>
Date: Sun 13 Aug 2006 - 19:31:34 BST
Message-Id: <20060813133134.7f65683d.undefined@pobox.com>

On Sun, 13 Aug 2006 03:41:35 -0500
Corey Wright <undefined@pobox.com> wrote:

> the problem: when using dpkg to upgrade a package that contains setuid/gid
> files which have been unified/hashified, dpkg wants to first chmod 600 the
> files before unlinking them (in case somebody has hardlinked to a security
> susceptible file which will remain even after the upgrade because of the
> hardlink). of course, as the files are immutable, the chmod fails, but
> this behavior is never seen for all other files because dpkg unlinks them
> without chmoding them first (and unlinking is allowed).

one solution to the security issue that i forgot to mention is to keep
user-writable directories on seperate file systems than setuid/gid files as
hardlinks cannot cross file systems.

i implement this philosophy on all my larger installations (ie the vserver
host, my workstation), but i haven't done this within vserver guests
because there are no user directories (ie /home/*) and most of my guests
are small (<= 200 MB as they merely provide a single service, not host tons
of data).

it seems somewhat cumbersome, though definitely doable, to have two
partitions in every vserver with user-level access, especially for smaller
vservers.

are there any other options?

corey

-- 
undefined@pobox.com
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sun Aug 13 19:32:03 2006
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sun 13 Aug 2006 - 19:32:08 BST by hypermail 2.1.8