[aklug] Re: Strange hard linking

From: James <marblemunkey@gmail.com>
Date: Sun Nov 28 2010 - 05:44:43 AKST

ls -l `which ln`
Will do it. If it is SUID, then the first 'rwx' set will have 's'
instead of 'x'. (e.g. -r-sr-xr-x)

On 11/28/10, Jim Gribbin <jimgribbin@gmail.com> wrote:
> Works on mine as well.
>
> [jimg@dartangnan ~]$ cd /tmp/
> [jimg@dartangnan tmp]$ sudo touch woman
> [sudo] password for jimg:
> [jimg@dartangnan tmp]$ ln woman man
> [jimg@dartangnan tmp]$ ls -l woman man
> -rw-r--r--. 2 root root 0 Nov 27 22:39 man
> -rw-r--r--. 2 root root 0 Nov 27 22:39 woman
>
> How does one tell if "ln" is running setuid root?
>
> Fedora 14, ext4
>
> Jim G
>
> On Sun, 2010-11-28 at 00:21 -0500, Christopher Howard wrote:
>> On Fri, Nov 26, 2010 at 05:45:17PM -0900, Shane R. Spencer wrote:
>> > On 11/26/2010 02:24 PM, Christopher Howard wrote:
>> > > So, I was messing around the other day, and found this rather weird
>> > > behavior in Linux:
>> > >
>> > > First, I go root, and cd to some public directory. I create a file
>> > > with some text in it (we'll call it file0) with the new file of course
>> > > being owned by root.
>> > >
>> > > Next, I switch back to a regular user account. I cd to my /tmp
>> > > directory, and use the ln command to create a new file (file1) in the
>> > > /tmp directory that is a hard link to file0. The new file1, strangely
>> > > enough, is not owned by me, but is owned by root, although it does have
>> > > "everyone" read permissions.
>> > >
>> > > Then, I go root again, and I delete file0. I switch back to my regular
>> > > user, and discover that file1 still exists, and is still owned by
>> > > root. I cannot delete it with my regular user account.
>> > >
>> > > So, in summary, as a non-root user, I have the ability to "create"
>> > > (preserve?) files that I do not own and that I cannot delete.
>> > >
>> >
>> > What filesystem are you using? What distro?
>> >
>> > Shouldn't be possible if your operating system is at all secure (doesn't
>> > run ln as setuid root). You cannot modify (including create) files owned
>> > by root even if it's the same inode as another file. In order not to sound
>> > like a dork I attempted the following on XFS/JFS2/GFS2/NFS+EXT4/EXT4
>> >
>> > spencersr@banzai:/tmp$ sudo touch woman
>> > spencersr@banzai:/tmp$ ln woman man
>> > ln: creating hard link `man' => `woman': Operation not permitted
>> >
>> > Here.. running ln as setuid root gets things rocking :)
>> >
>> > spencersr@banzai:/tmp$ sudo chmod u+s /bin/ln
>> > spencersr@banzai:/tmp$ ln woman man
>> > spencersr@banzai:/tmp$ ls -lai man woman
>> > 34857277 -rw-r--r-- 2 root root 0 2010-11-26 17:36 man
>> > 34857277 -rw-r--r-- 2 root root 0 2010-11-26 17:36 woman
>> >
>> > - Shane
>>
>> The exact same command works fine on my system:
>>
>> cmhoward@enigma /tmp $ sudo touch woman
>> cmhoward@enigma /tmp $ ln woman man
>> cmhoward@enigma /tmp $ ls -l woman man
>> -rw-r--r-- 2 root root 0 Nov 27 20:19 man
>> -rw-r--r-- 2 root root 0 Nov 27 20:19 woman
>>
>> I'm running XFS file system on amd64 Gentoo (Gentoo-patched kernel
>> 2.6.34-gentoo-r12).
>>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

-- 
Sent from my mobile device
Received on Sun Nov 28 05:44:51 2010
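
Added example, not part of the original thread: a scripted form of the setuid check James describes, plus a listing of multiply-linked files by owner like the `ls -lai` output Shane posted. The function names `is_setuid` and `hardlinks_owned_by` are hypothetical, and `-maxdepth` assumes GNU or BSD find.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# is_setuid PATH
# Succeeds if PATH (symlinks followed) is a regular file with the setuid
# bit set, the same thing the 's' in "ls -l" output shows.
is_setuid() {
    [ -n "$(find -L "$1" -maxdepth 0 -type f -perm -4000 2>/dev/null)" ]
}

# hardlinks_owned_by OWNER DIR
# Lists regular files directly inside DIR that belong to OWNER (name or
# numeric uid) and have more than one link, in "ls -li" form so the
# inode number and link count are visible.
hardlinks_owned_by() {
    find "$2" -maxdepth 1 -type f -user "$1" -links +1 \
        -exec ls -li {} + 2>/dev/null
}

# Report on the ln found first in PATH.
ln_path=$(command -v ln)
if is_setuid "$ln_path"; then
    echo "$ln_path is setuid"
else
    echo "$ln_path is not setuid"
fi
```

Calling `hardlinks_owned_by root /tmp` as an ordinary user lists entries like the man/woman pair shown in the thread.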
