Date: Fri, 18 Oct 1996 20:59:09 +0200 (MET DST)
From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
To: freebsd-hackers@freebsd.org
Subject: fix for symlinks in /tmp (fwd)
Message-ID: <199610181859.UAA14544@spooky.lss.cp.philips.com>

FYI

----- Forwarded message from Andrew Tridgell -----

>From owner-bugtraq@NETSPACE.ORG Fri Oct 18 19:47:53 1996
Approved-By: ALEPH1@UNDERGROUND.ORG
Approved-By: Andrew Tridgell <tridge@ARVIDSJAUR.ANU.EDU.AU>
Message-ID: <96Oct18.230213+1000est.65277-170+2281@arvidsjaur.anu.edu.au>
Date: Fri, 18 Oct 1996 23:02:01 +1000
Reply-To: Andrew.Tridgell@anu.edu.au
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Andrew Tridgell <tridge@arvidsjaur.anu.edu.au>
Subject: fix for symlinks in /tmp
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

I have created a patch for Linux that fixes the generic problem of
security holes due to symlinks being used in /tmp.

The patch changes the kernel's namei code so that symlinks will not be
followed if:

1) the t bit is set on the directory containing the symlink
and
2) the euid of the process does not match the owner of the symlink.

The patch explicitly includes root, so root will not be able to follow
symlinks in /tmp unless it owns them.

I believe this change fixes all the "symlink-in-/tmp" style of
security holes while having a minimal impact on the normal use of
symlinks.

In case you don't think this change is necessary you should think
about how many recent security holes in unix-like systems have been
due to sloppy coding of programs that create files in /tmp. I also
noticed today that gcc is vulnerable to this kind of bug (as of
version 2.7.2), so potentially you can attack anyone who compiles
anything on your system.

I know there have been other proposed generic fixes for this style of
bug, but they tend to suffer from the problem of requiring people to
change the way they work. The above fix should not be very noticeable
to normal users of a system.

I've submitted the patch to Linus, and have also made it available on
ftp://samba.anu.edu.au/pub/linux/symlink.patch

The patch is against Linux kernel 2.0.22, although it should work with
any recent kernel. The active part of the patch is only a few lines
long.

Can anyone see any problems with this proposal?

Cheers, Andrew

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Andrew Tridgell                    Dept. of Computer Science
email: Andrew.Tridgell@anu.edu.au  Australian National University
Phone: +61 6 254 8209              Fax: +61 6 249 0010
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

----- End of forwarded message from Andrew Tridgell -----