Re: security warning

Kevin Buhr (buhr@stat.wisc.edu)
16 Dec 1997 13:59:18 -0600


alan@lxorguk.ukuu.org.uk (Alan Cox) writes:
>
> There is a symlink bug in 2.1.x but this isn't it. The one that needs fixing
> is open O_EXCL and O_CREAT shouldn't follow or ignore existing symlinks
> dangling or otherwise. That broke somewhere with dentries and hasn't yet
> got fixed to be correct as 2.0 is. Without this sendmail and stuff aren't
> terribly secure on 2.1.x.

While we're at it, note that hardlink creation follows symlinks. That
is:

    touch foo
    ln -s bar bar-symlink
    perl -e 'link "foo", "bar-symlink"'

hard links "bar" to "foo". (GNU "ln" is too smart for its own good,
so "ln foo bar-symlink" doesn't work.) Therefore, programs using
"create, hardlink, and stat" file locking in place of O_EXCL|O_CREAT
face a similar security problem.

Thomas's comments in "fs/namei.c" refer to this situation; it looks
like Solaris, SunOS, and HP-UX all handle things differently.

I'm not sure what to suggest. While a case can be made that following
symlinks on hardlinking is sensible, in the delicate situations where
hardlinks are actually ever *used*, symlinks are typically unexpected;
it seems best to not follow them, at least on the destination.

Kevin <buhr@stat.wisc.edu>

P.S. Thomas, patch your name into the CREDITS file.
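
Added example, not part of the original message: a sketch in C of the "create, hardlink, and stat" locking discussed above, where the stat step is an lstat() on the lock path so that a symlink there is refused whether or not link() followed it. The function names, file names and temp directory are hypothetical and constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: take `lock` via create + link() + stat.
 * Returns 0 if we hold the lock, -1 otherwise. */
int acquire_link_lock(const char *lock)
{
    char tmp[256];
    struct stat mine, there;
    int fd, ok = 0;

    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", lock) >= (int)sizeof tmp)
        return -1;
    if ((fd = mkstemp(tmp)) < 0)      /* unique file, O_CREAT|O_EXCL */
        return -1;
    /* link()'s return value is not trusted: if the kernel follows a
     * symlink at the destination it succeeds but names another file. */
    (void)link(tmp, lock);
    if (fstat(fd, &mine) == 0 && lstat(lock, &there) == 0)
        ok = S_ISREG(there.st_mode)          /* lock is not a symlink */
          && there.st_dev == mine.st_dev
          && there.st_ino == mine.st_ino     /* lock is our own file  */
          && mine.st_nlink == 2;             /* tmp + lock, no extras */
    unlink(tmp);
    close(fd);
    return ok ? 0 : -1;
}

/* Constructed scenario in a fresh temp dir. Bit flags returned:
 * 1 lock taken, 2 second attempt refused, 4 symlinked lock path
 * refused, 8 symlink target "bar" was not created. */
int demo(void)
{
    char dir[] = "/tmp/linklock.XXXXXX";
    struct stat st;
    int r = 0;

    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    if (acquire_link_lock("a.lock") == 0) r |= 1;
    if (acquire_link_lock("a.lock") != 0) r |= 2;
    if (symlink("bar", "b.lock") != 0) return -1;  /* dangling symlink */
    if (acquire_link_lock("b.lock") != 0) r |= 4;
    if (lstat("bar", &st) != 0) r |= 8;
    return r;
}

int main(void) { printf("flags=%d\n", demo()); return 0; }
```

On a kernel with the link-follows-symlink behaviour described in the message, flag 8 would be clear (the stray link to "bar" exists) while flag 4 still reports that the lock was refused.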