  1. #1
    Just Joined!
    Join Date
    May 2013
    Posts
    1

    suid and symlinks


    I installed Google Chrome a few days ago using Google's own DEB package. It installs under /opt, which on my system is on a nosuid partition. This prevented chrome-sandbox from running since it's suid. I got around this by copying this particular file with permissions into /usr/local/bin (my entire /usr hierarchy is on a suid partition), renaming the original file, then creating a symlink in the chrome directory under /opt to the copy under /usr/local/bin.

    This works in the sense Chrome runs.

    However, I'm concerned that this is a security risk using a symlink from a nosuid partition to an suid executable on a suid partition. What are the problems which could arise from this sort of work-around?

    More generally, is there any way to prevent symlinks in nosuid partitions from pointing to suid executables on suid partitions? I've tried web and forum searches about this, and the closest I've found is the Linux Security HOWTO article, but it doesn't say anything specifically about symlinks.

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    886
    I have thought about this for a few seconds. It's a non issue.

  3. #3
    Just Joined!
    Join Date
    Nov 2010
    Posts
    3
    Quote: Originally Posted by hrlngrv
    However, I'm concerned that this is a security risk using a symlink from a nosuid partition to an suid executable on a suid partition. What are the problems which could arise from this sort of work-around?
    If you're concerned about security risk, you don't understand the way permissions and/or symlinks work. What matters are the permissions of the dest file, not the symlink. "Permissions on a symbolic link are largely immaterial". In fact, in Linux they are created with 777 by default. But that doesn't mean it can be read/written/executed by all people...

    Quote: Originally Posted by hrlngrv
    More generally, is there any way to prevent symlinks in nosuid partitions from pointing to suid executables on suid partitions?
    With a nosuid partition you don't want suid files/folders in that partition. If you have a symlink, the file/folder is in another partition. Maybe you don't want symlinks at all in your partition...
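
Added example, not part of the original thread: a Python audit for the situation in the question, listing symlinks that live on a `nosuid` mount but resolve to a set-uid regular file on a mount without `nosuid`. It relies on Linux applying `nosuid` per the mount that holds the resolved file rather than the mount holding the link; `SAMPLE_MOUNTS`, the function names and the default `/opt` root are assumptions made for illustration.

```python
import os, re, stat, sys

# Constructed sample in /proc/mounts format, mirroring the layout in the question.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /opt ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda5 /usr ext4 rw,relatime 0 0
"""

def parse_mounts(text):
    """Map each mount point to its option set; octal escapes decoded, later line wins."""
    mounts = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4:
            mnt = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), f[1])
            mounts[mnt] = set(f[3].split(","))
    return mounts

def mount_of(path, mounts):
    """Longest mount point that is a path-component prefix of path."""
    inside = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(inside, key=len, default="/")

def audit_link(link, mounts):
    """Report where a symlink resolves and whether the set-uid bit will apply."""
    target = os.path.realpath(link)
    mode = os.stat(target).st_mode
    suid = stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)
    nosuid = lambda p: "nosuid" in mounts.get(mount_of(p, mounts), set())
    # exec() consults the mount holding the resolved file, not the link's mount.
    return {"target": target, "setuid_bit": suid,
            "link_nosuid": nosuid(os.path.realpath(os.path.dirname(link))),
            "setuid_honoured": suid and not nosuid(target)}

def find_crossing_links(root, mounts):
    """Symlinks on nosuid mounts under root that reach an honoured set-uid file."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in dirs + files):
            if os.path.islink(path) and os.path.exists(path):
                r = audit_link(path, mounts)
                if r["link_nosuid"] and r["setuid_honoured"]:
                    hits.append((path, r["target"]))
    return sorted(hits)

if __name__ == "__main__":
    table = parse_mounts(open("/proc/mounts").read())
    print(*find_crossing_links(sys.argv[1] if len(sys.argv) > 1 else "/opt", table), sep="\n")
```

Run it with the root of a `nosuid` mount as the argument; each output line is a (link, target) pair worth reviewing, since the only barrier left is who may write to the link's directory and to the target.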
