Re: Security Anti Symlink Attack Patch for 2.1.71

Albert D. Cahalan (acahalan@cs.uml.edu)
Sun, 7 Dec 1997 15:30:48 -0500 (EST)


Alan Cox writes:

> The following patch was originally for 2.0.32 by solar@false.com.
> I ported it to 2.1.71 and separated it from another patch that
> came with it.
>
> This isn't a good fix in some ways. Firstly there are programs
> that depend upon symlinks in /tmp,

Not symlinks to files owned by other non-root users.

> secondly it doesn't seem to agree with the unix standard.
>
> That's not to say it isn't a good toy to have around on an insecure
> box, but it shouldn't be a standard thing.

I think it is OK:

The implementation may require that the calling
process has permission to access the existing file.

What "access" might be is not specified, so I think we can
at least require read-write access. I think that standard
was made vague to allow for this sort of feature.

There are other neat features that are legal too.
Hidden files are OK, since stat() may lie:
the system may deny the existence of the file specified
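As an added illustration of the rule being argued over (this is example code, not the thread's or the patch's own), the following models the symlink-following check in user space: a link in a world-writable sticky directory such as /tmp is followed only if the caller owns the link or the directory. It assumes the patch's rule matches what Linux later shipped as fs.protected_symlinks; the scenario uids are constructed.

```python
import os
import stat
from dataclasses import dataclass
from typing import Optional


@dataclass
class SymlinkContext:
    dir_mode: int  # st_mode of the directory that holds the link
    dir_uid: int   # owner of that directory
    link_uid: int  # owner of the link itself (lstat, not stat)


def symlink_follow_allowed(ctx: SymlinkContext, follower_uid: int) -> bool:
    """Decide whether following a symlink should be permitted.

    Rule modelled here (assumed to match the patch under discussion; it is
    the rule Linux later shipped as fs.protected_symlinks): in a directory
    that is both world-writable and sticky, follow a symlink only when the
    caller owns the link or owns the directory. Elsewhere, always follow.
    """
    sticky = bool(ctx.dir_mode & stat.S_ISVTX)
    world_writable = bool(ctx.dir_mode & stat.S_IWOTH)
    if not (sticky and world_writable):
        return True
    return follower_uid in (ctx.link_uid, ctx.dir_uid)


def check_path(path: str, follower_uid: Optional[int] = None) -> bool:
    """Apply the rule to a real path: a symlink is judged against the
    directory it sits in, not against its target; non-links always pass."""
    if follower_uid is None:
        follower_uid = os.geteuid()
    link_st = os.lstat(path)
    if not stat.S_ISLNK(link_st.st_mode):
        return True
    dir_st = os.lstat(os.path.dirname(os.path.abspath(path)))
    ctx = SymlinkContext(dir_st.st_mode, dir_st.st_uid, link_st.st_uid)
    return symlink_follow_allowed(ctx, follower_uid)


if __name__ == "__main__":
    # Constructed scenario: a /tmp-like directory owned by root, holding a
    # link created by uid 1001, which uid 1000 then tries to follow.
    tmp_like = SymlinkContext(stat.S_IFDIR | 0o1777, dir_uid=0, link_uid=1001)
    print("uid 1000 -> uid 1001's link:", symlink_follow_allowed(tmp_like, 1000))
    print("uid 1001 -> its own link:", symlink_follow_allowed(tmp_like, 1001))
```

Note that the decision uses lstat() of the link and its parent directory, never the target, so it cannot be raced by swapping the target between check and use.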