> It is very common for tools to use temporary files in /tmp. Sadly anyone
> can create a symlink in /tmp and thus potentially redirect the creation of
> said temporary files.
>
> The following patch was originaly for 2.0.32 by solar@false.com. I ported
> it to 2.1.71 and separated it from another patch that came with it.
>
> The patch is also available from
> ftp://ftp.fuller.edu/Linux/symlink-attack-patch-2.1.71
I quite like this patch, but I do not like security_alert code... Aha,
ok! It is long enough, and pretty ugly, but pretty generic.
If you made something like antiflood_printk and let every user print
what _they_ think is neccessary, it might be better. Somethink like
net_ratelimit() functionality...
Pavel
> +#define security_alert(msg) { \
> + static unsigned long warning_time = 0, no_flood_yet = 0; \
> +\
> +/* Make sure at least one minute passed since the last warning logged */ \
> + if (!warning_time || jiffies - warning_time > 60 * HZ) { \
> + warning_time = jiffies; no_flood_yet = 1; \
> + printk( \
> + KERN_ALERT \
> + "Possible " msg " exploit attempt:\n" \
> + KERN_ALERT \
> + "Process %s (pid %d, uid %d, euid %d).\n", \
> + current->comm, current->pid, \
> + current->uid, current->euid); \
> + } else if (no_flood_yet) { \
> + warning_time = jiffies; no_flood_yet = 0; \
> + printk( \
> + KERN_ALERT \
> + "More possible " msg " exploit attempts follow.\n"); \
> + } \
> +}
> +
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).