Differences

This shows you the differences between two versions of the page.


internal:accessing-users-files-as-root-safely [2023/05/10 12:31]
ilsayston
internal:accessing-users-files-as-root-safely [2023/05/10 13:46] (current)
solar old revision restored (2011/03/18 17:18)
Line 1: Line 1:
-[[https://www.allassignmenthelp.com/au/assignment-help-sydney.html|Sydney assignment help]] and serviceability are employed ​by scholars ​to attend stepsIt has been noted in several studies that essays concentrate on how people think and feel about one anotherConsider how they differ ​from one another. ​Under the guidance of a quality maker, I'​ll ​take an online test for my online classes ​to treat pupil problemsNeverthelessit's interesting ​that numerous pupils cannot attend class properly and with full focusTo help you find an [[https://allassignmenthelp.com/samples/argumentative-essay-on-employees.html|Argumentative essay on employees]] would be unreasonableDeveloping your chops and knowledge ​is vital to completing your tasksHoweverI'll help you go through ​and know the outfitIf you have difficulty with an assignment, Is there anything I can do to assist you in your studies?+====== How to access users' files as root safely ====== 
 + 
 +The following is an excerpt taken from [[http://www.openwall.com/lists/oss-security/​2011/​03/​04/​24]]
 + 
 +<​file>​ 
 +Speaking of issues where a more or differently privileged process 
 +accesses files in a directory writable ​by another process, these are 
 +surprisingly difficult ​to "​fully"​ deal with, and the majority of 
 +programs are "​affected"​ Of the common Unix commands, only a handful 
 +are safe to use in untrusted directories (with possible impact of 
 +attacks being a mere DoS against the command itself) - such as "​ln"​. 
 +Yes, I actually use "​ln"​ like this: 
 + 
 +# su - user1 
 +$ cp some/​dir/​file . # hopefully the ~/file name was not taken 
 +$ exit 
 +# ln ~user1/file . 
 +# ls -ld file # sanity check that we were not raced 
 +# chown user2: file 
 +# ln file ~user2/ 
 +# rm file 
 +# su - user2 
 +$ mv file target/​dir/​ 
 +$ exit 
 +# su - user1 
 +$ rm file 
 + 
 +when I need to copy a file from one untrusted user to another. ​ Yes, 
 +this is complicated and it has limitations (same fs).  Maybe we need a 
 +special tool for this task (had some ideas on this - "​give"​ and "take
 +commands). ​ But that's the current situation. 
 + 
 +Almost all other commands and programs are unsafe on untrusted 
 +directories. ​ In my opinion, that's the only correct assumption for a 
 +sysadmin ​to make, and any other assumption is naive ​Unfortunately, 
 +most sysadmins don't fully realize this (in my experience),​ but that 
 +does not make those programs any safer, nor does it prompt us to assign 
 +CVE ids against almost all Unix programs. 
 +</​file>​ 
 + 
 +Unfortunately,​ ''​su''​ is not perfect. ​ An excerpt from [[http://www.openwall.com/lists/oss-security/​2011/​03/​05/​6]]
 + 
 +<​file>​ 
 +The admin could "​su"​ to the service pseudo-user,​ but that allows the 
 +compromised service to attack the admin'​s terminal, accessing the fd via 
 +/proc or ptrace of a process such as "​less"​ running under the "​su"​ 
 +session Only "​su"​ itself ​is immune from such attacks (since it has its 
 +"​dumpable"​ flag cleared); its child processes are not The attacker 
 +would be able to print control characters directly to the terminal fd, 
 +and to issue ioctl'​s on it, changing ​the terminal mode This might have 
 +a security impact worse than DoS. 
 +</​file>​
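Review bot: the "# ls -ld file" step in the restored procedure is documented only as "sanity check that we were not raced", which does not tell a reader what to verify in the output before "chown user2: file" runs as root. Consider adding a sentence in the wiki's own words, outside the quoted <file> block, stating what the check must confirm (for example file type, owner and link count). Separately, the first excerpt relies on "su - user1" and "su - user2", while the second excerpt says that child processes of an "su" session expose the admin's terminal. The transition line "Unfortunately, su is not perfect" would be clearer if it said that this caveat applies to the procedure quoted above.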
internal/accessing-users-files-as-root-safely.txt · Last modified: 2023/05/10 13:46 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported