[systemd-devel] [HEADSUP] /var/lock and /var/lock/lockdev
Ludwig Nussel
ludwig.nussel at suse.de
Mon Apr 4 07:20:59 PDT 2011
Lennart Poettering wrote:
> On Mon, 04.04.11 13:41, Ludwig Nussel (ludwig.nussel at suse.de) wrote:
>
> > > There are. A lot of software creates subdirectories beneath
> > > /var/lock, for example LVM. If you allow creation of lockfiles in
> > > /var/lock, then this enables the same programs to break LVM (and
> > > everything else creating subdirs there), and even use LVM to break the
> > > system even further.
> > >
> > > That's the point that https://bugzilla.redhat.com/show_bug.cgi?id=581884
> > > tries to make.
> >
> > Well, that's not nice but not an immediate problem either. You'd
> > have to exploit a bug in lockdev to gain access to the lock group
> > first. Same risk as with any other setuid program.
>
> But it defeats the point of the "lock" group. Because it enables code
> that runs under that GID to destroy the system as if it was root.
Tjo. The system just isn't thought out well in several ways.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
More information about the systemd-devel
mailing list