Re: [Vserver] dpkg fails when upgrading hashified setuid files

From: Corey Wright <undefined_at_pobox.com>
Date: Thu 17 Aug 2006 - 04:33:20 BST
Message-Id: <20060816223320.8aa8ec4a.undefined@pobox.com>

On Sun, 13 Aug 2006 03:41:35 -0500
Corey Wright <undefined@pobox.com> wrote:

> this email is to serve as a notification of a problem and a survey of
> possible workarounds/solutions.
>
> the problem: when using dpkg to upgrade a package that contains setuid/gid
> files which have been unified/hashified, dpkg wants to first chmod 600 the
> files before unlinking them (in case somebody has hardlinked to a security
> susceptible file which will remain even after the upgrade because of the
> hardlink). of course, as the files are immutable, the chmod fails, but
> this behavior is never seen for all other files because dpkg unlinks them
> without chmodding them first (and unlinking is allowed).

my final solution is attached, which is a patch to dpkg disabling the
behavior of chmodding a setuid/gid file 600 before removing it. this still
doesn't address the security problem of a non-root user hardlinking a
locally-exploitable setuid file before upgrade and it still being available
to exploit after upgrade. the solution to that is limiting users to
writing on a partition (/home) separate from setuid files (/ & /usr) (which
is already a "best practice", but hard to justify on small-sized vserver
guests).

so anyways, this is the patch that i applied to dpkg that i installed only
on my hashified/unified vserver guests, not the vserver host.

corey

-- 
undefined@pobox.com

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Thu Aug 17 04:33:48 2006
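
The behaviour discussed in this thread, as an added example that is not part of the original message and is not dpkg's code: it shows in a scratch directory why stripping the mode before unlinking matters (permission bits live on the inode, so a pre-existing hardlink sees the change), and adds an audit for setuid/setgid files with more than one link. The file names and all three functions are constructed for illustration.

```python
import os
import stat
import tempfile

SPECIAL = stat.S_ISUID | stat.S_ISGID


def remove_old_file(path, strip_mode_first):
    """Remove a file as an upgrade would: chmod 600 then unlink, or unlink only."""
    if strip_mode_first and os.lstat(path).st_mode & SPECIAL:
        os.chmod(path, 0o600)  # changes the inode, so every hardlink loses the bits
    os.unlink(path)


def simulate_upgrade(strip_mode_first):
    """Return the permission bits left on a hardlink made before the upgrade."""
    with tempfile.TemporaryDirectory() as root:
        packaged = os.path.join(root, "helper")       # constructed stand-in for a setuid file
        stale = os.path.join(root, "users-hardlink")  # link created before the upgrade
        with open(packaged, "w") as f:
            f.write("old version\n")
        os.chmod(packaged, 0o4755)
        os.link(packaged, stale)

        remove_old_file(packaged, strip_mode_first)
        with open(packaged, "w") as f:                # new version lands on a fresh inode
            f.write("new version\n")
        os.chmod(packaged, 0o4755)
        return stat.S_IMODE(os.lstat(stale).st_mode)


def find_multiply_linked_setid(root):
    """Audit: setuid/setgid regular files under root whose link count exceeds one."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL and st.st_nlink > 1:
                hits.append((path, st.st_nlink))
    return sorted(hits)


if __name__ == "__main__":
    print("chmod 600 before unlink:", oct(simulate_upgrade(True)))
    print("unlink only:            ", oct(simulate_upgrade(False)))
```

On a unified/hashified guest a link count above one is normal for unified files, so the audit output there has to be compared against the links the unification itself created.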
Generated on Thu 17 Aug 2006 - 04:33:53 BST by hypermail 2.1.8