Re: Security Anti Symlink Attack Patch for 2.1.71
Tall cool one (ice@mama.indstate.edu)
Wed, 10 Dec 1997 13:28:35 -0500
"Mark H. Wood" <mwood@mhw.OIT.IUPUI.EDU> writes:
> On Sun, 7 Dec 1997, Christoph Lameter wrote:
>
> > Ok. Then I need to add condition 3 (which is already dealt with in the old
> > patch)
> >
> > 3. Symlinks established by other user except root in +t dirs are not
> > followed.
> >
> > Hmm. This again gets much too complicated..... Anyone got better thoughts?
>
> Well, it seems to me that the safest way to do this is to abandon the
> shared /tmp altogether and make every user provide his own ~/tmp. Best
> would be to define an environment variable TMP to point to it, so you
> could still do a single /tmp or put all the users' TMPs on a separate
> scratch disk or.... It seems to work well on VMS. Set the protections
> properly when the account is created, and if the user fiddles with them
> then he gets what he deserves.
>
> I know, I know: it would take years to get general agreement and many
> more years to modify all of the programs that just assume /tmp . But you
> asked.
There is I beleive some unix out there where one could imbed environment
variables in symlinks, like:
/tmp -> ${HOME}/tmp
That would be evaluated and expanded when the link is read (by the kernel,
not the shell). Of course this would no doubt would open a whole new can of
security worms. Nifty though...
- Steve
.------------------------------------------------. # * # # # # # #
| Steve Baker | Barely Working | # ## # # # # #
| ice@mama.indstate.edu | System Administrator | # # # # # # # #
| Red-Hat Rulz! | Will work for hardware | # # # ## # # # #
`-- SYS-ADMIN FOR HIRE, HAVE UNIX, WILL TRAVEL --' #### # # # ## # #