> In IllumOS non-privileged users are allowed to create hard links of setuid executables which is necessary in order for exploitation of this vulnerability to achieve privileged code execution.
> NOTE: Various Linux distributions have incorporated patches that restrict symbolic link behavior, preventing security vulnerabilities such as the one we are about to demonstrate.
Linux distributions also restrict hardlink behavior, which addresses this issue. This seems like the key point. In current Linux, by default, you can't create a hardlink to someone else's file, setuid or otherwise.
4 comments
[ 2.7 ms ] story [ 32.7 ms ] thread> NOTE: Various Linux distributions have incorporated patches that restrict symbolic link behavior, preventing security vulnerabilities such as the one we are about to demonstrate.
Linux distributions also restrict hardlink behavior, which addresses this issue. This seems like the key point. In current Linux, by default, you can't create a hardlink to someone else's file, setuid or otherwise.
[1]: http://danwalsh.livejournal.com/64493.html
[0] http://android-developers.blogspot.de/2016/06/android-change...