|
Lines 1224-1230
Link Here
|
| 1224 |
But if you are running X, you might have some more, since X needs the elevated |
1224 |
But if you are running X, you might have some more, since X needs the elevated |
| 1225 |
access afforded by SUID. |
1225 |
access afforded by SUID. |
| 1226 |
</p> |
1226 |
</p> |
|
|
1227 |
</body> |
| 1228 |
</section> |
| 1229 |
<section> |
| 1230 |
<title>SUID/SGID binaries and Hardlinks</title> |
| 1231 |
<body> |
| 1232 |
<p> |
| 1233 |
A file is only considered deleted when there are no more links pointing to it. This |
| 1234 |
might sound like a strange concept, but consider that a filename like <path>/usr/bin/perl</path> |
| 1235 |
is actually a link to the inode where the data is stored. Any number of links can point |
| 1236 |
to the file, and until all of them are gone, the file still exists. |
| 1237 |
</p> |
| 1238 |
|
| 1239 |
<p> |
| 1240 |
If your users have access to a partition that isn't mounted with <c>nosuid</c> |
| 1241 |
or <c>noexec</c> (for example, if <path>/tmp</path>, <path>/home</path>, or <path>/var/tmp</path> are |
| 1242 |
not seperate partitions) you should take care to ensure your users don't create hardlinks to |
| 1243 |
SUID or SGID binaries, so that after Portage updates they still have access to the old |
| 1244 |
versions. |
| 1245 |
</p> |
| 1246 |
|
| 1247 |
<warn> |
| 1248 |
if you have received a warning from portage about remaining hardlinks, and your users can |
| 1249 |
write to a partition that allows executing SUID/SGID files, you should read this section carefully. |
| 1250 |
One of your users may be attempting to circumvent your update by keeping an outdated version |
| 1251 |
of a program. If your users cannot create their own SUID files, or can only execute programs using |
| 1252 |
the dynamic loader (partitions mounted <c>noexec</c>), you do not have to worry. |
| 1253 |
</warn> |
| 1227 |
|
1254 |
|
|
|
1255 |
<note> |
| 1256 |
Users do not need read access to a file to create a link to it, they only need read permission to |
| 1257 |
the directory that contains it. |
| 1258 |
</note> |
| 1259 |
|
| 1260 |
<p> |
| 1261 |
To check how many links a file has, you can use the <c>stat</c> command. |
| 1262 |
<p> |
| 1263 |
|
| 1264 |
<pre caption="Stat command"> |
| 1265 |
$ stat /bin/su |
| 1266 |
File: `/bin/su' |
| 1267 |
Size: 29350 Blocks: 64 IO Block: 131072 regular file |
| 1268 |
Device: 900h/2304d Inode: 2057419 Links: 1 |
| 1269 |
Access: (4711/-rws--x--x) Uid: ( 0/ root) Gid: ( 0/ root) |
| 1270 |
Access: 2005-02-07 01:59:35.000000000 +0000 |
| 1271 |
Modify: 2004-11-04 01:46:17.000000000 +0000 |
| 1272 |
Change: 2004-11-04 01:46:17.000000000 +0000 |
| 1273 |
</pre> |
| 1274 |
|
| 1275 |
<p> |
| 1276 |
To find the SUID and SGID files with multiple links, you can use <c>find</c>. |
| 1277 |
</p> |
| 1278 |
|
| 1279 |
<pre caption="Finding multiply linked suid/sgid binaries"> |
| 1280 |
$ find / -type f \( -perm -004000 -o -perm -002000 \) -links +1 -ls |
| 1281 |
</pre> |
| 1228 |
</body> |
1282 |
</body> |
| 1229 |
</section> |
1283 |
</section> |
| 1230 |
</chapter> |
1284 |
</chapter> |
