From owner-freebsd-security Mon Jun 26 2:45:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from overcee.netplex.com.au (peter1.corp.yahoo.com [208.48.107.4]) by hub.freebsd.org (Postfix) with ESMTP id B69D737BBAB for ; Mon, 26 Jun 2000 02:45:45 -0700 (PDT) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id AEE461CD7; Mon, 26 Jun 2000 02:45:44 -0700 (PDT) (envelope-from peter@netplex.com.au) X-Mailer: exmh version 2.1.1 10/15/1999 To: Warner Losh Cc: netch@lucky.net, freebsd-security@FreeBSD.ORG Subject: Re: O_NOFOLLOW In-Reply-To: Message from Warner Losh of "Sun, 25 Jun 2000 20:48:05 MDT." <200006260248.UAA14432@harmony.village.org> Date: Mon, 26 Jun 2000 02:45:44 -0700 From: Peter Wemm Message-Id: <20000626094544.AEE461CD7@overcee.netplex.com.au> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warner Losh wrote: > In message <20000613152211.B42067@lucky.net> Valentin Nechayev writes: > : O_NOFOLLOW flag for open() syscall exists since 3.0-CURRENT and is quite > : useful for secure open, but is not documented in open(2) man page yet. > : Do FreeBSD team have its disclosing in plans? > > I'm not sure that it works from userland. At least that's what I > recall from testing at one point... The original issue was what to do if you actually got a symlink. In the original implementation, you could open/read/write the symlink itself, but there were some pretty evil constraints. As I recall, the currently committed code will let you open a symlink but not read or write it. If you are intending to use it in a security role, you still need to fstat it to make sure it is the file you intended and not a handle on some symlink. This should be documented somehere.. It does not return EISLINK or something like that when pointed at a symlink. Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message