From owner-freebsd-security  Wed Mar 21 23:34:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 6427C37B71E
	for <security@freebsd.org>; Wed, 21 Mar 2001 23:34:39 -0800 (PST)
	(envelope-from cjc@rfx-216-196-73-168.users.reflexcom.com)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Wed, 21 Mar 2001 23:32:35 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.3/8.11.1) id f2M7YWX58258;
	Wed, 21 Mar 2001 23:34:32 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 21 Mar 2001 23:34:31 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: "J.A. Terranson" <measl@mfn.org>
Cc: security@FreeBSD.ORG
Subject: Re: chflags/symlinks
Message-ID: <20010321233431.C574@cjc-desktop.users.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <Pine.BSF.4.21.0103200548140.24537-100000@greeves.mfn.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0103200548140.24537-100000@greeves.mfn.org>; from measl@mfn.org on Tue, Mar 20, 2001 at 05:57:23AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 20, 2001 at 05:57:23AM -0600, J.A. Terranson wrote:
> 
> Good Morning/Afternoon/Etc.,
> 
> 	I believe there is an issue WRT the above pair.

The chflags(1) manpage says,

     Symbolic links do not have flags, so unless the -H or -L option is set,
     chflags on a symbolic link always succeeds and has no effect.

> 	Problem: There is no way to secure (schg, etc) the link.  I can
> secure the files to which they point, but not the links
> themselves.  Theoretically, an attack can be launched by deleting the
> symlinks and creating new ones, rather than altering the files directly
> (as they are safe under securelevel 3).
> 
> 	For us, the issue has been nighty cleanup routines killing the
> symlinks, and thereby breaking *everything* :-(
> 
> 
> 	I there is something I have missed here, I would *love* to know...

You can schg the directory in which the symlinks are in. That of
course may or may not be practical for you.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message