From owner-freebsd-security Wed Feb 28 00:04:25 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA20949 for security-outgoing; Wed, 28 Feb 1996 00:04:25 -0800 (PST) Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id AAA20943 for ; Wed, 28 Feb 1996 00:04:16 -0800 (PST) Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id SAA16934; Wed, 28 Feb 1996 18:35:36 +1030 From: Michael Smith Message-Id: <199602280805.SAA16934@genesis.atrad.adelaide.edu.au> Subject: Re: Suspicious symlinks in /tmp To: nlawson@kdat.csc.calpoly.edu (Nathan Lawson) Date: Wed, 28 Feb 1996 18:35:36 +1030 (CST) Cc: newton@communica.com.au, security@freebsd.org In-Reply-To: <199602272055.MAA15968@kdat.calpoly.edu> from "Nathan Lawson" at Feb 27, 96 12:55:45 pm MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org Precedence: bulk Nathan Lawson stands accused of saying: > > > > So: Not only does it not matter who owns the symlink, it also doesn't > > matter how it is chmod'ed. You can set its permissions to rwxrwxrwx > > without making a spot of difference to the accessibility of the file > > it's pointing at. > > Yes, but let's say Joe User tries out the ln -s command. Now he can't delete > his symlink. This behavior is broken. A user should not be able to create > any type of file, whether a symlink or just a normal file, that is owned > by another user. How's that supposed to work? To create it, he has to have write permissions in the destination directory; the same are required to delete it. > Like I said before, how about a justification as to the usefullness of this > behavior? I've already provided one annoying result of it. You haven't. The alternative behaviour would allow a user to create a symlink to a protected file, change the permissions on the link, and thus access the file. Lose lose lose. Think of symlinks as a redirection, not a second instance of the file (contrast hard links). > Nate Lawson -- ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[ ]] Genesis Software genesis@atrad.adelaide.edu.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control (ph/fax) +61-8-267-3039 [[ ]] Collector of old Unix hardware. "Where are your PEZ?" The Tick [[