why does empty file /media/.hal-mtab-lock have suid bit set?
On Nov 20, 2007 1:46 PM, Les <firstname.lastname@example.org> wrote:
> HI, Dave,
> This is a "lock" file, used to prevent multiple access to another file.
Thanks Les, but 'what is it?' was not the question. Why would a lock
file need to have world execute permissions, owner (root) read/write,
and SUID bit set? Harmless mistake? Sinister sneakiness? World
executable, owned by root, setuid, sounds pretty fishy. The only thing
that prevents me from panicking already is that the file is empty. But
I've heard of stranger things than this leaving a backdoor open.
I just shut down haldaemon, erased the lock file, and restarted
haldaemon, and now it is world-readable, root executable, and with the
t-bit set, which I don't remember what it means. Maybe haldaemon uses
the permissions as a sort of semaphore? Doesn't seem broken - yet.
#[root@linoleum archive]# ls -la /media/.hal-mtab-lock
---x---r-t 1 root root 0 Nov 20 15:27 /media/.hal-mtab-lock
> When the other file [snip]
> > #ls -la /media/.hal-mtab-lock
> > -rwS-----x 1 root root 0 Jun 25 12:44 /media/.hal-mtab-lock
> > # file /media/.hal-mtab-lock
> > /media/.hal-mtab-lock: setuid empty
> > I find this strange. By googling I get the impression it is a valid
> > hald file, but why the weird permissions?
fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list