Re: ln weirdness

David Gibson (david@brucehall20.anu.edu.au)
Tue, 25 Mar 1997 00:34:13 +1100 (EST)


On Mon, 24 Mar 1997, Andrew Walker wrote:

> On Mon, 24 Mar 1997, Gerald Britton wrote:
>
> > As a normal user, the system lets me do this:
> >
> > ln /etc/shadow /tmp/testfile
> >
> > It then creates testfile as the same permissions and ownership of
> > /etc/shadow, thus I still cannot read it, but should it really be letting
> > me do this? Also, after I create the file, I cannot remove it (since I do
> > not own it). Should it really be doing this?
> >
>
> [ ... Explanation on link and t bit semantics ]
>
> Did that make sense? What you are experiencing is correct UNIX practice.
> A lot of people who are new to UNIX (I'm not saying you're a newbie,
> but you obviously weren't aware of this) don't fully grasp the permissions
> stuff, and think they have discovered huge security holes in UNIX. They
> haven't! It's designed that way. It's a feature not a bug.

Actually there is a security problem here (not exactly a hole, since
carefully written userspace programs can avoid it) - an ordinary user can
create a link to say /etc/passwd in /tmp as a name used by (for e.g.)
gcc's temporary files. If root later runs gcc, it may write to this file,
which will overwrite /etc/passwd. This, and a similar problem with
symlinks is addressed in Andrew Tridgell's symlink patch. I'd point you to
samba.anu.edu.au:/pub/linux/symlink.patch

But this seems to be an old version that addresses only the symlink, not
the hard link problem.

David Gibson @ The Lorax | New from Microsoft...
david%brucehall20@anu.edu.au | THNEED 95
| Which everyone, Everyone, EVERYONE needs.
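
An added example, not part of the original message or of any patch it mentions: one way a userspace program can avoid the pre-planted link problem described above is to create its temporary file with O_EXCL, which refuses any name that already exists. The scratch directory, the file names and the function names are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() under strict -std modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Careless: reuses whatever already sits at the predictable name. */
int open_temp_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT, 0600);
}

/* Careful: O_EXCL fails with EEXIST if the name exists, link or not. */
int open_temp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: "target" stands in
 * for the sensitive file, "cc0001.tmp" for a predictable temporary name.
 * Returns 0 when the naive open lands on target's inode and the exclusive
 * open refuses; 1 when it does not; -1 on setup failure. */
int demo(void) {
    char dir[] = "/tmp/lnweird.XXXXXX", target[64], tmp[64];
    struct stat a, b;
    int fd, naive_hit, refused;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/cc0001.tmp", dir);
    if ((fd = open_temp_excl(target)) < 0) return -1;
    close(fd);
    if (link(target, tmp) != 0) return -1;   /* the pre-existing hard link */

    if ((fd = open_temp_naive(tmp)) < 0 || fstat(fd, &a) || stat(target, &b))
        return -1;
    naive_hit = a.st_dev == b.st_dev && a.st_ino == b.st_ino && a.st_nlink == 2;
    close(fd);

    errno = 0;
    fd = open_temp_excl(tmp);
    refused = (fd == -1 && errno == EEXIST);
    if (fd >= 0) close(fd);

    unlink(tmp); unlink(target); rmdir(dir);
    return (naive_hit && refused) ? 0 : 1;
}

int main(void) { return demo(); }
```

mkstemp() performs the same exclusive create and also picks an unpredictable name.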