Date:      Sat, 19 Oct 1996 09:34:55 +1000
From:      Bruce Evans <bde@zeta.org.au>
To:        Guido.vanRooij@nl.cis.philips.com, julian@whistle.com
Cc:        Andrew.Tridgell@anu.edu.au, freebsd-hackers@FreeBSD.org
Subject:   Re: fix for symlinks in /tmp (fwd) FYI
Message-ID:  <199610182334.JAA24319@godzilla.zeta.org.au>

>> The patch changes the kernel's namei code so that symlinks will not be
>> followed if:
>> 
>> 1) the t bit is set on the directory containing the symlink
>> and
>> 2) the euid of the process does not match the owner of the symlink.

>I wonder if anyone can comment on this...

Symlinks have the same ownership as their parent directory in BSD4.4, so
this patch would be almost equivalent to disallowing symlinks in sticky
directories.  E.g., /tmp is owned by bin, and no process should have
uid bin, so symlinks in /tmp would never be followed (even for root :-).

>> In case you don't think this change is necessary you should think
>> about how many recent security holes in unix-like systems have been
>> due to sloppy coding of programs that create files in /tmp. I also
>> noticed today that gcc is vulnerable to this kind of bug (as of
>> version 2.7.2), so potentially you can attack anyone who compiles
>> anything on your system.

Our mkstemp() and mktemp() use O_EXCL, and gcc seems to use mktemp(),
so I think gcc isn't vulnerable.

Bruce
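
The O_EXCL behaviour the message relies on can be observed directly. The following C program is an added example, not part of the original message or of any FreeBSD source. The function name open_over_symlink and the scratch file names are made up for the illustration. It plants a symlink where a temporary file is about to be created and opens that path with and without O_EXCL.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build a private scratch directory holding "target" (8 bytes) and a
 * symlink "tmpfile" -> "target", then open "tmpfile" for creation with
 * the given extra flags.  Returns the size of target afterwards (-1 on
 * setup failure); *open_errno receives errno from that open(), 0 if ok. */
long open_over_symlink(int extra_flags, int *open_errno)
{
    char dir[] = "/tmp/symdemo.XXXXXX";   /* constructed scratch name */
    char target[64], lnk[64];
    struct stat st;
    long size = -1;
    int fd;

    *open_errno = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/tmpfile", dir);

    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "precious", 8) == 8 && close(fd) == 0
        && symlink(target, lnk) == 0) {
        fd = open(lnk, O_WRONLY | O_CREAT | O_TRUNC | extra_flags, 0600);
        *open_errno = fd < 0 ? errno : 0;
        if (fd >= 0) close(fd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return size;
}

int main(void)
{
    int e;
    long n = open_over_symlink(0, &e);
    printf("O_CREAT|O_TRUNC:        target is %ld bytes, errno=%d\n", n, e);
    n = open_over_symlink(O_EXCL, &e);
    printf("O_CREAT|O_TRUNC|O_EXCL: target is %ld bytes (%s)\n", n, strerror(e));
    return 0;
}
```

Without O_EXCL the open follows the link and truncates the file it points to. With O_EXCL the open fails with EEXIST and the target keeps its 8 bytes, because O_CREAT|O_EXCL refuses any existing name, including a symlink, without following it.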
