From 21c38820f1ea68b51c0ceb783612e59ea8e8d807 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 11 Mar 1996 01:58:02 +0000 Subject: [PATCH] updated wrt /var/run/sudo --- sudo.pod | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/sudo.pod b/sudo.pod index c36b65d36..b2073bc13 100644 --- a/sudo.pod +++ b/sudo.pod @@ -127,14 +127,16 @@ B executes. For security reasons, if your OS supports shared libraries, B should always be statically linked unless the dynamic loader disables user-defined library search paths -for setuid programs. +for setuid programs. (Most modern dynamic loaders do this.) B will check the ownership of its timestamp directory -(F by default) and ignore the directory's contents -if it is not owned by root and only read, writable, and -executable by root. On systems that allow users to give -files away to root (via chown) it is possible for a user -to create the timestamp directory before B is run. +(F or F by default) and ignore +the directory's contents if it is not owned by root and +only read, writable, and executable by root. On systems +that allow users to give files away to root (via chown), +if the timestamp directory is located in a directory writable +by anyone (ie: F), it is possible for a user to create +the timestamp directory before B is run. However, because B checks the ownership and mode of the directory, the only damage that can be done is to "hide" files by putting them in the timestamp dir. This is unlikely @@ -142,7 +144,7 @@ to happen since once the timestamp dir is owned by root and inaccessible by any other user the user placing files there would be unable to get them back out. To get around this issue you can use a directory that is not world-writable -for the timestamps (F for instance). +for the timestamps (F for instance). To keep users from creating their own timestamp files (by creating the timestamp directory before B -- 2.50.1
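Review bot: In the @@ -127,14 +127,16 @@ hunk, the rewritten sentence now gives two default timestamp directories ("or ... by default") but does not say which one applies on a given system. An administrator therefore cannot tell from the manual whether their install is in the world-writable case described in the lines that follow. Suggest stating the condition that selects each default. The re-wrapped lines also carry over "only read, writable, and executable by root", which should read "readable, writable, and executable", and "ie:" is better written "i.e.". The added "(Most modern dynamic loaders do this.)" would be more useful if it said what to verify about the loader before linking dynamically.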
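Review bot: In the @@ -142,7 +144,7 @@ hunk, the changed line only swaps the example path in "for the timestamps (... for instance)". The sentence still does not say how the timestamp directory is chosen, so the advice to "use a directory that is not world-writable" cannot be acted on from the manual alone. Suggest naming the setting or build option that controls it. If the new example is the /var/run/sudo from the subject line, which the earlier hunk now lists as one of the defaults, the sentence should also make clear that the workaround is only needed on systems using the other default.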