From: Peter Jeremy
Date: Fri, 18 Jun 2010 06:53:03 +1000
To: d@delphij.net
Cc: "delphij@freebsd.org", "freebsd-stable@freebsd.org"
Subject: Re: [Stable 7] CPIO breakage/
Message-ID: <20100617205302.GA60347@server.vk2pj.dyndns.org>
In-Reply-To: <4C18195A.3020501@delphij.net>

On 2010-Jun-15 17:22:50 -0700, Xin LI wrote:
>On 2010/06/15 17:05, Sean Bruno wrote:
>> A little more background.  It looks like symlinks are getting stripped
>> of their '/' which sucks.  Ideas?
...
>> e.g. /home/foo/bar -> /opt/baz/blob
>>
>> becomes
>>
>> home/foo/bar -> opt/baz/blob
>>
>> Yuck.
>
>This is a security measurement I think.

Can someone please explain how stripping a leading '/' off the
destination of a symlink enhances security?  The destination is not
being written to.

>--absolute-filenames disables this behavior.

This definitely reduces security and would seem to be far more
dangerous than being able to create symlinks to absolute pathnames.

-- 
Peter Jeremy