Date: Mon, 4 Oct 1999 10:14:20 -0700 From: "Scott Hess" <scott@avantgo.com> To: "Michael Bryan" <fbsd-security@ursine.com>, <freebsd-security@FreeBSD.ORG> Subject: Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Message-ID: <05b301bf0e8b$e5ca32e0$1e80000a@avantgo.com> References: <199909291352.GAA31310@cwsys.cwsent.com><199909300401.WAA08495@harmony.village.org> <199910020846310710.17F35F81@quaggy.ursine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael Bryan <fbsd-security@ursine.com> wrote: > On 9/29/99 at 10:01 PM Warner Losh wrote: > >FreeBSD should follow symlinks. In fact in the base system we have > >/dev/log which points to /var/run/log. > > Would it make sense to have the following behaviour when bind() > encounters a symlink? > > 1) If a symlink exists and points to a valid Unix-domain > socket, go ahead and follow the link. Presumably a valid Unix-domain socket owned by the bind()'ing user? > This still allows /dev/log -> /var/run/log to work, but prevents > abuse in cases of poor code like in ssh. Why not just fix the problem? We can add code via the patches in the ssh port, which will later work its way back into ssh. Later, scott To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?05b301bf0e8b$e5ca32e0$1e80000a>