Re: [PATCH] Filesystem linking protections

["Lorenzo Hernández García-Hierro" <lorenzo@gnu.org>]

[-- Attachment #1: Type: text/plain, Size: 1336 bytes --]

El lun, 07-02-2005 a las 11:12 -0800, Chris Wright escribió:
> * Lorenzo Hernández García-Hierro (lorenzo@gnu.org) wrote:
> > This patch adds two checks to do_follow_link() and sys_link(), for
> > prevent users to follow (untrusted) symlinks owned by other users in
> > world-writable +t directories (i.e. /tmp), unless the owner of the
> > symlink is the owner of the directory, users will also not be able to
> > hardlink to files they do not own.
> > 
> > The direct advantage of this pretty simple patch is that /tmp races will
> > be prevented.
> 
> The disadvantage is that it can break things and places policy in the
> kernel.

It's just like DAC then, because it never applies any policy than a
simple check relying on kernel's DAC, and standard capabilities &
permissions.DAC-related checks are placed all over the place, but maybe
the place is lacking of some ones that may be important.

About what things it can break, I haven't noticed any issue on it (at
least regarding grSecurity or OpenWall), but of course I would
appreciate a lot any information on them, so, I could report to the
developers that are currently using this in their own solutions.

Thanks in advance,
Cheers.
-- 
Lorenzo Hernández García-Hierro <lorenzo@gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

[-- Attachment #2: Esta parte del mensaje está firmada digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]