Works on mine as well.
[jimg@dartangnan ~]$ cd /tmp/
[jimg@dartangnan tmp]$ sudo touch woman
[sudo] password for jimg:
[jimg@dartangnan tmp]$ ln woman man
[jimg@dartangnan tmp]$ ls -l woman man
-rw-r--r--. 2 root root 0 Nov 27 22:39 man
-rw-r--r--. 2 root root 0 Nov 27 22:39 woman
How does one tell if "ln" is running setuid root?
Fedora 14, ext4
Jim G
On Sun, 2010-11-28 at 00:21 -0500, Christopher Howard wrote:
> On Fri, Nov 26, 2010 at 05:45:17PM -0900, Shane R. Spencer wrote:
> > On 11/26/2010 02:24 PM, Christopher Howard wrote:
> > > So, I was messing around the other day, and found this rather wierd behavior in Linux:
> > >
> > > First, I go root, and cd to some public directory. I create a file with some text in it (we'll call it file0) with the new file of course being own by root.
> > >
> > > Next, I switch back to a regular user account. I cd to my /tmp directory, and use the ln command to create a new file (file1) in the /tmp directory that is a hard link to file0. The new file1, strangely enough, is not own by me, but is owned by root, although it does have "everyone" read permissions.
> > >
> > > Then, I go root again, and I delete file0. I switch back to my regular user, and discover that file1 still exists, and is still owned by root. I cannot delete it with my regular user account.
> > >
> > > So, in summary, as a non-root user, I have the ability to "create" (preserve?) files that I do not own and that I cannot delete.
> > >
> >
> > What filesystem are you using? What distro?
> >
> > Shouldn't be possible if your operating system is at all secure (doesn't run ln as setuid
> > root). You cannot modify (including create) files owned by root even if it's the same
> > inode as another file. In order not to sound like a dork I attempted the following on
> > XFS/JFS2/GFS2/NFS+EXT4/EXT4
> >
> > spencersr@banzai:/tmp$ sudo touch woman
> > spencersr@banzai:/tmp$ ln woman man
> > ln: creating hard link `man' => `woman': Operation not permitted
> >
> > Here.. running ln as setuid root gets things rocking :)
> >
> > spencersr@banzai:/tmp$ sudo chmod u+s /bin/ln
> > spencersr@banzai:/tmp$ ln woman man
> > spencersr@banzai:/tmp$ ls -lai man woman
> > 34857277 -rw-r--r-- 2 root root 0 2010-11-26 17:36 man
> > 34857277 -rw-r--r-- 2 root root 0 2010-11-26 17:36 woman
> >
> > - Shane
>
> The exact same command works fine on my system:
>
> cmhoward@enigma /tmp $ sudo touch woman
> cmhoward@enigma /tmp $ ln woman man
> cmhoward@enigma /tmp $ ls -l woman man
> -rw-r--r-- 2 root root 0 Nov 27 20:19 man
> -rw-r--r-- 2 root root 0 Nov 27 20:19 woman
>
> I'm running XFS file system on amd64 Gentoo (Gentoo-patched kernel 2.6.34-gentoo-r12).
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Nov 27 22:58:04 2010
This archive was generated by hypermail 2.1.8 : Sat Nov 27 2010 - 22:58:04 AKST