Re: Security Anti Symlink Attack Patch for 2.1.71

Alexander Kjeldaas (astor@guardian.no)
Mon, 8 Dec 1997 00:53:08 +0100 (MET)


On Sun, 7 Dec 1997, Christoph Lameter wrote:

> Maybe a better way to do things would be to not allow certain symlinks in
> /tmp or other +t directories:
>
> Symlinks in +t dirs must satisfy the following criteria if created by a
> regular user who is not a member of group root:
>
> 1. They cannot be absolute (i.e. they cannot begin with /)
>
> 2. They are not allowed to point to a higher directory
> (Maybe forbid ".." in symlinks?)
>
> Are there any reasons this would not work?
>

symlinks to symlinks?

astor

--
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/
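
One reading of the reply above, as an added example that is not part of the original message or of the patch under discussion: a check on a link's literal text (not absolute, no "..") can pass while the fully resolved chain still lands outside the +t directory, so a validator has to resolve the chain before deciding. It assumes the quoted rule applies only to links created directly in the +t directory; the directory layout, file names and function names are constructed for illustration.

```python
import os
import tempfile

def passes_textual_rule(target):
    """The two quoted criteria, applied to a link's literal target text."""
    return not target.startswith("/") and ".." not in target.split("/")

def escapes(link, directory):
    """True if the fully resolved link lands outside `directory`."""
    root = os.path.realpath(directory)
    final = os.path.realpath(link)  # follows every hop of the chain
    return os.path.commonpath([root, final]) != root

def build_demo(base):
    """Constructed layout: base/tmp stands in for a +t directory."""
    base = os.path.realpath(base)
    sticky = os.path.join(base, "tmp")
    sub = os.path.join(sticky, "sub")  # user-created subdirectory, not +t
    os.makedirs(sub)
    os.chmod(sticky, 0o1777)
    outside = os.path.join(base, "outside.txt")
    with open(outside, "w") as fh:
        fh.write("constructed file outside the +t directory\n")
    # Second hop: lives in the non-sticky subdirectory (assumed exempt from the rule).
    os.symlink(outside, os.path.join(sub, "inner"))
    # First hop: created directly in the +t directory, relative and without "..".
    outer = os.path.join(sticky, "outer")
    os.symlink("sub/inner", outer)
    return sticky, outer

def demo():
    """Return (textual rule passes, resolved chain escapes) for the first hop."""
    with tempfile.TemporaryDirectory() as base:
        sticky, outer = build_demo(base)
        return passes_textual_rule(os.readlink(outer)), escapes(outer, sticky)

if __name__ == "__main__":
    print(demo())
```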