From owner-freebsd-hackers Fri Oct 18 16:36:24 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA01303 for hackers-outgoing; Fri, 18 Oct 1996 16:36:24 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA01297 for ; Fri, 18 Oct 1996 16:36:17 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.7.6/8.6.9) id JAA24319; Sat, 19 Oct 1996 09:34:55 +1000
Date: Sat, 19 Oct 1996 09:34:55 +1000
From: Bruce Evans
Message-Id: <199610182334.JAA24319@godzilla.zeta.org.au>
To: Guido.vanRooij@nl.cis.philips.com, julian@whistle.com
Subject: Re: fix for symlinks in /tmp (fwd) FYI
Cc: Andrew.Tridgell@anu.edu.au, freebsd-hackers@FreeBSD.org
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

>> The patch changes the kernel's namei code so that symlinks will not be
>> followed if:
>>
>> 1) the t bit is set on the directory containing the symlink
>> and
>> 2) the euid of the process does not match the owner of the symlink.

>I wonder if anyone can comment on this...

Symlinks have the same ownership as their parent directory in BSD4.4, so
this patch would be almost equivalent to disallowing symlinks in sticky
directories. E.g., /tmp is owned by bin, and no process should have uid
bin, so symlinks in /tmp would never be followed (even for root :-).

>> In case you don't think this change is necessary you should think
>> about how many recent security holes in unix-like systems have been
>> due to sloppy coding of programs that create files in /tmp. I also
>> noticed today that gcc is vulnerable to this kind of bug (as of
>> version 2.7.2), so potentially you can attack anyone who compiles
>> anything on your system.

Our mkstemp() and mktemp() use O_EXCL, and gcc seems to use mktemp(), so
I think gcc isn't vulnerable.

Bruce
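
The O_EXCL behaviour the reply relies on, as an added example that is not part of the original message or of FreeBSD's libc: it opens a name that is already a symlink, once with `O_CREAT | O_EXCL` and once without, and records what happens to the link's target. The scratch directory, the file names and the `symlink_open_demo()` helper are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* What each open() style did when the temp-file name was already a symlink. */
struct result { int excl_errno; long size_after_excl; long size_after_plain; };

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario inside a private scratch directory: "tmpfile" is a
 * symlink to "victim" (9 bytes), standing in for a planted link in /tmp. */
struct result symlink_open_demo(void) {
    struct result r = { 0, -1, -1 };
    char dir[] = "/tmp/excl-demo.XXXXXX", victim[64], tmpname[64];
    if (mkdtemp(dir) == NULL) return r;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/tmpfile", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9 || close(fd) != 0) return r;
    if (symlink(victim, tmpname) != 0) return r;

    /* With O_EXCL: open() must fail with EEXIST because the name exists,
     * and the symlink is not followed, so the victim keeps its 9 bytes. */
    fd = open(tmpname, O_WRONLY | O_CREAT | O_EXCL, 0600);
    r.excl_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    r.size_after_excl = file_size(victim);

    /* Without O_EXCL: the link is followed and O_TRUNC empties the victim. */
    fd = open(tmpname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) close(fd);
    r.size_after_plain = file_size(victim);

    unlink(tmpname); unlink(victim); rmdir(dir);
    return r;
}

int main(void) {
    struct result r = symlink_open_demo();
    printf("O_EXCL errno=%d (EEXIST=%d), victim size %ld; plain open, victim size %ld\n",
           r.excl_errno, EEXIST, r.size_after_excl, r.size_after_plain);
    return 0;
}
```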