On 30/01/2017 00:20, Michael Orlitzky wrote:
> On 01/29/2017 05:07 PM, Alan McKinnon wrote:
>>
>> Sure it can be done, just don't chown -R <user> ~user. DO it the VERY
>> long way round, file by file. Say you changed user "awesome" uid 300 to 400:
>>
>> find / -uid 300 -exec chown awesome {} \+
>>
> 
> That will find symlinks created by UID 300, and chown will follow them
> to give "awesome" ownership of the TARGET of the symlink; an easy root
> exploit. If you are about to suggest "find -type f" or the
> "--no-dereference" flag, then beware that chown will also follow
> hardlinks and you're still screwed (albeit limited to one filesystem,
> and on vanilla kernels).
> 
> 

Good catch with symlinks.
I don't see the point about hardlinks; they are just files with 2
dentries. When find gets to the second one it's already changed, so no
problem.

But I'm sure there are plenty of edge-case scenarios that make this whole
process go awry, all pointing to the same conclusion:

As a dev you shouldn't even try. Let the sysadmin deal with it.
If a system user already has a UID different to the published standard,
leave it alone; it's a human's problem.

-- 
Alan McKinnon
alan.mckin...@gmail.com
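Added example, not code from the thread: a dry-run that shows, for every entry `find -uid` returns, which inode plain `chown` versus `chown -h` would actually change, without chowning anything or needing root. The sample tree, the `sensitive` stand-in file and the function names are constructed for this demo.

```shell
# Dry-run audit for the per-file UID migration discussed in the thread
# (constructed example, not code from the list). For every entry that
# `find -uid OLD_UID` returns it prints the inode a chown would REALLY
# modify, in two modes:
#   naive - plain `chown`, which dereferences a symlink and changes its TARGET
#   safe  - `chown -h`, which changes the link inode itself, never the target
# Nothing is chowned, so this runs unprivileged.

chown_targets() {
    ct_mode=$1
    ct_root=$(readlink -f -- "$2")   # resolve once so all paths are canonical
    ct_uid=$3
    # find matches on lstat(), so a user-owned symlink is listed even when
    # its target belongs to root; -xdev keeps the walk on one filesystem
    find "$ct_root" -xdev -uid "$ct_uid" -print | while IFS= read -r p; do
        if [ "$ct_mode" = naive ] && [ -L "$p" ]; then
            readlink -f -- "$p"      # what a dereferencing chown would touch
        else
            printf '%s\n' "$p"
        fi
    done | sort -u
}

# Succeeds (0) when MODE would modify a path OUTSIDE the tree being migrated.
escapes_tree() {
    et_root=$(readlink -f -- "$2")
    chown_targets "$1" "$2" "$3" |
        awk -v r="$et_root" 'index($0, r "/") != 1 && $0 != r { hit = 1 }
                             END { exit !hit }'
}

# Constructed sample: a home tree owned by us that contains a symlink to a
# file outside it ("sensitive" stands in for something like /etc/shadow).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/awesome"
    : > "$t/home/awesome/notes.txt"
    : > "$t/sensitive"
    ln -s "$t/sensitive" "$t/home/awesome/link"
    me=$(id -u)                        # the "old uid" of our sample user
    echo "plain chown would modify:";  chown_targets naive "$t/home/awesome" "$me"
    echo "chown -h would modify:";     chown_targets safe  "$t/home/awesome" "$me"
    escapes_tree naive "$t/home/awesome" "$me"; naive=$?
    escapes_tree safe  "$t/home/awesome" "$me"; safe=$?
    rm -rf "$t"
    [ "$naive" -eq 0 ] && [ "$safe" -ne 0 ]    # the symlink escapes only in naive mode
}

demo
```

The naive listing includes the symlink's target outside the home tree, which is exactly the file a `find -exec chown` without `-h` would hand to the user.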

