On 2009-01-16, Boyd Stephen Smith Jr. <b...@iguanasuicide.net> wrote:
> On Friday 2009 January 16 04:13:10 Michael Loftis wrote:
>>--On January 16, 2009 10:31:35 AM +0100 Andreas Matthus
>><andreas.matt...@tu-dresden.de> wrote:
>>> But since some days I mull over a question: What happens if a user runs
>>> a selfcopy from a program with a security hole? I'm afraid he can get
>>> root-rights. Isn't it?
>>In general, no. This requires an exploitable kernel bug. That said, there
>>have been some of these in the past, and new ones will likely be discovered
>>in the future, but that's far more rare. Anything you run as root should
>>only ever come from trusted sources for this reason.
>
> What about hardlinking the suid-root binaries to a hidden location, waiting
> for a security hole to be found/fixed, and then running the old binary to
> exploit the hole? Does dpkg handle suid/sgid files so that this is
> prevented?

dpkg does strip suid/sgid bits before removing the files - at least when I
tested exactly that a year ago.

/Sune
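
An added example, not part of the original thread and not dpkg's code: a Python audit that lists set-id regular files with more than one hard link, plus a constructed demo of why clearing the bits before unlinking (the behaviour reported in the reply above) leaves a retained hard link without set-id permissions, since the mode lives in the shared inode. The function names, the temporary directory layout and the file `tool` are assumptions made for the demo.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID


def find_linked_setid(root):
    """Map (device, inode) -> sorted paths of set-id regular files with nlink > 1."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID and st.st_nlink > 1:
                hits.setdefault((st.st_dev, st.st_ino), []).append(path)
    return {key: sorted(paths) for key, paths in hits.items()}


def strip_then_unlink(path):
    """Model of the removal order described in the reply: clear set-id bits, then unlink."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~SETID)  # changes the inode, so every link sees it
    os.unlink(path)


def demo():
    """Constructed sample tree: one set-id file owned by the caller and a stray link to it."""
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "usr/bin"))
        os.makedirs(os.path.join(top, "home/user/.cache"))
        packaged = os.path.join(top, "usr/bin/tool")
        stray = os.path.join(top, "home/user/.cache/tool.old")
        with open(packaged, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(packaged, 0o4755)
        os.link(packaged, stray)
        before = find_linked_setid(top)      # both paths share one inode
        strip_then_unlink(packaged)          # simulated package removal
        stray_mode = stat.S_IMODE(os.lstat(stray).st_mode)
        after = find_linked_setid(top)       # nothing left to report
    return before, stray_mode, after


if __name__ == "__main__":
    print(demo())
```

Run against a real filesystem, `find_linked_setid("/")` only sees links inside the tree it walks, so scan each mounted filesystem from its own root.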