Re: Security Anti Symlink Attack Patch for 2.1.71

Wolfgang Walter (wolfgang.walter@stusta.mhn.de)
Mon, 8 Dec 1997 11:51:57 +0100


On Sun, Dec 07, 1997 at 02:11:44PM -0500, Rob Hagopian wrote:
> On Sun, 7 Dec 1997, Alan Cox wrote:
>
> > > The following patch was originally for 2.0.32 by solar@false.com. I ported
> > > it to 2.1.71 and separated it from another patch that came with it.
> >
> > This isn't a good fix in some ways. Firstly there are programs that depend upon
> > symlinks in /tmp, secondly it doesn't seem to agree with the unix standard.
>
> But _very_ few programs depend on symlinks in /tmp that they didn't create
> (you'll note the patch does follow symlinks made by root) or hard links to
> files they don't own. I have yet to find one, if you know of one, please
> let me know!
>
> I agree that it does break strict Unix semantics, so it should be a config
> option, but I don't think that it should be excluded from the kernel for
> this sole reason. After all, source routing can be turned off and that
> breaks strict IPv4 semantics...
> -Rob H.
>

I agree, it would be fine to see that as a config option, or even better as
a sysctl-tunable option. I think it would be even finer if it can be switched
on only for certain +t directories. One possibility would be if the kernel checks
if there is a file owned by the directory-owner called .restricted_sym or so.

Wolfgang