Re: Security Anti Symlink Attack Patch for 2.1.71

Matthias Urlichs (smurf@work.smurf.noris.de)
9 Jan 1998 18:03:02 +0100


Christoph Lameter <chris@waterf.org> writes:
>
> without any complaints by the kernel. Then if root tries to write to a
> file in /tmp that has been redirected with a user symlink, a permission
> denied results and the script to be run by root fails. Not good.
>
But that is easy to fix; instead of returning EPERM, delete the symlink (if
the file is opened with O_CREAT) and proceed normally.

> 1. They cannot be absolute (i.e. they cannot begin with /)
> 2. They are not allowed to point to a higher directory
IMHO that is too complicated. The rule "only follow your own symlinks in
"sticky" directories" is easy, and I cannot think of any program which
would require different behavior.

> And maybe the functionality should be switchable on and off by writing to
> a file in /proc/sys/kernel/xxxx ?
>
Yep. But IMHO it is overkill to specify that on a per-directory basis.
Per filesystem, maybe, as a mount option (NFS does not support any special
EXT2 options we might want to invent).

-- 
Matthias Urlichs
noris network GmbH
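
The rule discussed in this message (follow only your own symlinks in sticky directories, and with O_CREAT replace a foreign link rather than fail), as an added example in userspace C; it is not code from the patch or from either poster. The names `link_action`, `symlink_policy` and `check_path` are hypothetical, and the opener's uid is passed as a parameter.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum link_action { LINK_FOLLOW, LINK_DENY, LINK_REPLACE };

/* The rule as a pure decision (illustrative names, not from the patch).
 * dir_mode: st_mode of the directory holding the link; link_owner: the
 * link's st_uid; fsuid: uid of the opening process. Root is not exempt. */
enum link_action symlink_policy(mode_t dir_mode, uid_t link_owner,
                                uid_t fsuid, int open_flags)
{
    if (!(dir_mode & S_ISVTX))   /* not a sticky directory: unrestricted */
        return LINK_FOLLOW;
    if (link_owner == fsuid)     /* your own symlink */
        return LINK_FOLLOW;
    /* Foreign link in a sticky directory: with O_CREAT, remove the link and
     * create the file in its place instead of failing the open. */
    return (open_flags & O_CREAT) ? LINK_REPLACE : LINK_DENY;
}

/* Apply the policy to the final component of a real path; -1 on error. */
int check_path(const char *path, uid_t fsuid, int open_flags)
{
    struct stat link_st, dir_st;
    char buf[PATH_MAX];

    if (lstat(path, &link_st) != 0)
        return -1;
    if (!S_ISLNK(link_st.st_mode))   /* the rule only concerns symlinks */
        return LINK_FOLLOW;
    if (snprintf(buf, sizeof buf, "%s", path) >= (int)sizeof buf)
        return -1;                   /* copy: dirname() may modify its argument */
    if (stat(dirname(buf), &dir_st) != 0)
        return -1;
    return symlink_policy(dir_st.st_mode, link_st.st_uid, fsuid, open_flags);
}

int main(int argc, char **argv)
{
    if (argc < 2)
        return 2;
    printf("%d\n", check_path(argv[1], geteuid(), O_WRONLY | O_CREAT));
    return 0;
}
```

A userspace check like `check_path` is racy between the `lstat` and any later `open`; the thread is about enforcing the same decision inside the kernel's path lookup, where that window does not exist.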