[systemd-devel] [HEADSUP] /var/lock and /var/lock/lockdev
Lennart Poettering
lennart at poettering.net
Mon Apr 4 06:30:38 PDT 2011
On Mon, 04.04.11 13:41, Ludwig Nussel (ludwig.nussel at suse.de) wrote:
> > There are. A lot of software creates subdirectories beneath
> > /var/lock, for example LVM. If you allow creation of lockfiles in
> > /var/lock, then this enables the same programs to break LVM (and
> > everything else creating subdirs there), and even use LVM to break the
> > system even further.
> >
> > That's the point that https://bugzilla.redhat.com/show_bug.cgi?id=581884
> > tries to make.
>
> Well, that's not nice but not an immediate problem either. You'd
> have to exploit a bug in lockdev to gain access to the lock group
> first. Same risk as with any other setuid program.
But it defeats the point of the "lock" group. Because it enables code
that runs under that GID to destroy the system as if it was root.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list