On 2013-08-24 23:20:39 -0600, Bob Proulx wrote:
> Vincent Lefevre wrote:
> > Bob Proulx wrote:
> > > Vincent Lefevre wrote:
> > > > Is it OK that anyone who has a write access in this directory can
> > > > become root on the machine?
> > >
> > > That question is ambiguous. Do you mean that someone who can write to
> > > /foo can use that to become root?
> >
> > Yes. Say, during an upgrade of the system or package installation,
> > some given file /foo/bar gets executed under root (thanks to ldd).
>
> Please say more? I know of no way that having write to /foo will give
> privilege escalation.

The directory in question is "/libx32". If a user has write access
to it, he can create a "/libx32/ld-linux-x32.so.2" executable that
will be executed as root when update-initramfs is run:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720735

Actually it appears that all /lib* are optionally part of the FHS
(the Wikipedia article didn't mention them). One can still wonder
whether there is a risk that such a directory like /libx32 (which
doesn't even correspond to a compatible architecture: yields crashes)
might be used locally in some special way, with additional permissions.

BTW, Debian doesn't even comply with the FHS concerning such directories:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720777
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720778
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720780

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
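
An audit for the condition discussed in this message, added here as an example and not part of the original thread: it lists top-level /lib* directories (including /libx32) that someone other than root can write to. The function names are hypothetical, gid 0 is assumed to contain only root, and only the classic mode bits are examined (POSIX ACLs are not).

```python
import os
import stat
import sys


def write_risks(uid, gid, mode):
    """Reasons why a directory with these stat fields is writable by non-root."""
    reasons = []
    if uid != 0:
        # A non-root owner can always chmod the directory to grant itself write.
        reasons.append(f"owned by non-root uid {uid}")
    if gid != 0 and mode & stat.S_IWGRP:
        reasons.append(f"group-writable by gid {gid}")
    if mode & stat.S_IWOTH:
        # The sticky bit does not help: creating a new file is still allowed.
        reasons.append("world-writable")
    return reasons


def audit(root="/"):
    """Map each risky lib* directory directly under root to its reasons."""
    findings = {}
    for name in sorted(os.listdir(root)):
        if not name.startswith("lib"):
            continue
        path = os.path.join(root, name)
        try:
            # stat() follows symlinks, so on a merged-/usr system the
            # permissions checked are those of the real target directory.
            st = os.stat(path)
        except OSError:
            continue
        if not stat.S_ISDIR(st.st_mode):
            continue
        reasons = write_risks(st.st_uid, st.st_gid, st.st_mode)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else "/")
    for path, reasons in results.items():
        print(f"{path}: {', '.join(reasons)}")
    sys.exit(1 if results else 0)
```
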