From owner-freebsd-security Sat Oct 2 8:46:35 1999 Delivered-To: freebsd-security@freebsd.org Received: from quaggy.ursine.com (lambda.blueneptune.com [209.133.45.179]) by hub.freebsd.org (Postfix) with ESMTP id D02B214D6E for ; Sat, 2 Oct 1999 08:46:31 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Received: from michael (lambda.ursine.com [209.133.45.69]) by quaggy.ursine.com (8.9.2/8.9.3) with ESMTP id IAA15960 for ; Sat, 2 Oct 1999 08:46:33 -0700 (PDT) Message-ID: <199910020846310710.17F35F81@quaggy.ursine.com> In-Reply-To: <199909300401.WAA08495@harmony.village.org> References: <199909291352.GAA31310@cwsys.cwsent.com> <199909300401.WAA08495@harmony.village.org> X-Mailer: Calypso Version 3.00.00.13 (2) Date: Sat, 02 Oct 1999 08:46:31 -0700 From: "Michael Bryan" To: freebsd-security@FreeBSD.ORG Subject: Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 9/29/99 at 10:01 PM Warner Losh wrote: > >FreeBSD should follow symlinks. In fact in the base system we have >/dev/log which points to /var/run/log. Would it make sense to have the following behaviour when bind() encounters a symlink? 1) If a symlink exists and points to a valid Unix-domain socket, go ahead and follow the link. 2) If a symlink points to something other than a valid Unix-domain socket, including a filename that does not yet exist, then do not follow the symlink, and return an appropriate error. This still allows /dev/log -> /var/run/log to work, but prevents abuse in cases of poor code like in ssh. Michael Bryan fbsd-security@ursine.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message