Hello Ben,

Ben Hutchings wrote:
> You seem to be a bit confused about this vulnerability.  /bin/bash is of
> course not suid-root, only owned by root.

You're right. To correct this: It is a big problem for suid-root binaries, but it is
even a problem for non-suid-root binaries like "/bin/bash": if you can write to
/bin/bash after fooling the admin into running chown on your home, you own the system
as soon as root logs in or some shell script is started as root.

Thanks for the information about POSIX.

> Many distributions apply many patches that are not upstream.  We
> generally try to avoid doing that in the standard kernel images.
Do you see any way to deny the described attacks (flooding /tmp, hardlinking 
insecure suid binaries) without this patch?

> However, we may add kernel images with the 'grsec' featureset for the
> next release (wheezy).
That sounds good.

Thanks

Max
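
The scenario in the message above (an admin runs chown on a home directory that holds a hardlink to a file such as /bin/bash), as an added defensive check that is not part of the original e-mail or of any Debian tooling: it lists regular files in a tree that have a name outside that tree or carry setuid/setgid bits, so they can be inspected before a recursive chown. The function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import Counter


def audit_before_chown(root):
    """Return (path, reasons) for files under root that a recursive chown should not touch blindly."""
    seen = Counter()   # (device, inode) -> number of names found inside root
    info = {}          # (device, inode) -> (first path seen, lstat result)
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not descend into symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                  # lstat: never follow a symlink
            if not stat.S_ISREG(st.st_mode):
                continue
            key = (st.st_dev, st.st_ino)
            seen[key] += 1
            info.setdefault(key, (path, st))
    findings = []
    for key, (path, st) in sorted(info.items(), key=lambda kv: kv[1][0]):
        reasons = []
        if st.st_nlink > seen[key]:
            # More links exist than names inside the tree: the inode is also
            # reachable from elsewhere, and chown would change it there too.
            reasons.append("hardlink-outside-tree")
        if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
            reasons.append("setuid-or-setgid")
        if reasons:
            findings.append((path, reasons))
    return findings


def demo():
    """Constructed sample: 'system.bin' stands in for a root-owned file such as /bin/bash."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "home")
    os.mkdir(home)
    outside = os.path.join(base, "system.bin")
    with open(outside, "w") as fh:
        fh.write("x")
    os.link(outside, os.path.join(home, "innocent"))  # extra name inside the home tree
    with open(os.path.join(home, "notes.txt"), "w") as fh:
        fh.write("y")
    return audit_before_chown(home)


if __name__ == "__main__":
    for path, reasons in demo():
        print(path, ",".join(reasons))
```

The audit is a point-in-time snapshot: a user who can still write to the tree can add a link between the audit and the chown, so it narrows the risk rather than replacing a kernel-side restriction.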



