[grsec] gr_handle_chroot_chmod() permissions
Brad Spengler
spender at grsecurity.net
Sat Aug 20 15:17:03 EDT 2005
> the gr_handle_chroot_chmod() code does a permission check like this
> and denies the request if true:
>
> (mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
>
> IMHO it's still possible to have a file which sets S_ISGID and S_IXOTH.
It is, but in the case of S_ISGID & ~S_IXGRP, it's a mandatory lock. So a file
with S_ISGID & S_IXOTH poses no security risk, because it doesn't work like a sgid
binary, which is what we're trying to prevent with this feature.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050820/0bb2b070/attachment.pgp
More information about the grsecurity
mailing list