On Wed January 30 2008, Stefan Seyfried wrote:
> On Wed, Jan 30, 2008 at 04:11:44PM +0100, Till Maas wrote:
> > On Wed January 30 2008, Stefan Seyfried wrote:
> > > If somebody managed to get a symlink where the logfile should be, you
> > > are fscked. So i think this is less secure.
> >
> > And what if somebody gets /usr/lib/pm-utils/bin/pm-action to be an
> > arbitrary binary? Then you are fscked, too.
>
> But you might need to subvert another part of the system to accomplish
> this.

It might also be possible that someone can only subvert files that do not contain only single ticks and space characters.

> Being paranoid, it is always a good idea to at least make sure that
> there is no symlink where you want to create your file. The easiest way to

Being paranoid, it is always a good idea to append some single ticks, space characters and other random characters to the filename of a file. But from an objective point of view, changing files that belong to root:root and are not world-writable needs the same privileges.

> accomplish this is to remove it before. If selinux cannot cope with that,
> that's a selinux problem. Fix it there.

It is not a selinux problem that the properties of a file need to be defined when you create it; the selinux context is just a property like owner, group or permissions.

> > I do not see the point, how changing the
> > logfile is easier than changing any other component of pm-utils.
>
> It depends on what service you can get to act up. Additional paranoia is
> always good. :-)

You need at least root privileges for both. For every "create a symlink as /var/log/pm-suspend.log for unprivileged users, but do nothing else" service one can think of, there is also a "put an arbitrary binary at /usr/lib/pm-utils/bin/pm-action for unprivileged users, but do nothing else" service. Therefore this is not a valid reason why it should be easier to change the logfile than to change anything else. I hope it is clear what I want to say here. :-)

And last but not least, you create a race condition with your paranoia. Btw. with selinux you can satisfy additional paranoia.

Regards,
Till
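The symlink-where-the-logfile-should-be case and the remove-then-create race argued over in the thread, as an added example that is neither part of the thread nor pm-utils code: a plain append follows a symlink placed at the log path, while an open with O_NOFOLLOW plus O_CREAT creates or opens the file in one syscall (no check-then-remove window) and an fstat on the descriptor verifies the inode actually obtained; all file names are constructed in a temporary directory.

```python
import errno
import os
import stat
import tempfile


def open_log_safely(path, expected_uid=None):
    """Append-open `path`, creating it if missing, without following a symlink
    and without a remove-then-create window: O_NOFOLLOW makes open(2) fail
    with ELOOP if the final component is a symlink, O_CREAT creates the file
    in the same call, and fstat checks the inode that was actually opened."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise RuntimeError(f"{path}: not a regular file")
        if expected_uid is not None and st.st_uid != expected_uid:
            raise RuntimeError(f"{path}: unexpected owner uid {st.st_uid}")
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def demo():
    """Constructed scenario in a temp dir: a symlink sits where the log
    should be. Returns (naive_followed, safe_rejected, fresh_ok)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target")          # constructed name
        link = os.path.join(d, "pm-suspend.log")    # constructed name
        open(target, "w").close()
        os.symlink(target, link)
        # A plain append follows the link: the data lands in `target`.
        with open(link, "a") as f:
            f.write("naive\n")
        with open(target) as f:
            naive_followed = f.read() == "naive\n"
        # The hardened open refuses the link with ELOOP; nothing is written.
        try:
            open_log_safely(link).close()
            safe_rejected = False
        except OSError as e:
            safe_rejected = e.errno == errno.ELOOP
        # With nothing in the way it behaves like an ordinary log open.
        fresh = os.path.join(d, "fresh.log")
        with open_log_safely(fresh, expected_uid=os.getuid()) as f:
            f.write("ok\n")
        with open(fresh) as f:
            fresh_ok = f.read() == "ok\n"
        return naive_followed, safe_rejected, fresh_ok
```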
_______________________________________________
Pm-utils mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/pm-utils
