Date: Tue, 07 Apr 1998 02:38:44 +0800
From: Peter Wemm <peter@netplex.com.au>
To: Андрей Чернов <ache@nagual.pp.ru>
Cc: committers@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/kern vfs_vnops.c src/sys/sys fcntl.h
Message-ID: <199804061838.CAA16914@spinner.netplex.com.au>
In-Reply-To: Your message of "Mon, 06 Apr 1998 22:16:22 +0400." <19980406221622.37671@nagual.pp.ru>

Андрей Чернов wrote:
> > In article <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.org> you write:
> > >   sys/kern  vfs_vnops.c
> > >   sys/sys   fcntl.h
> > >   Log:
> > >   Implement a new open(2) flag: O_NOFOLLOW. This will instruct open
> > >   to not follow symlinks, but to open a handle on the link itself(!).
> > >   As strange as this might sound, it has several useful applications
> > >   safe race-free ways of opening files in hostile areas (eg: /tmp, a mode
> > >   1777 /var/mail, etc). It also would allow things like fchown() to work
> > >   on the link rather than having to implement a new syscall specifically for
> > >   that task.
> >
> If we talk about /tmp links security problem, this change requires
> modification of each application, which doesn't sound good. Better hack
> will be to treat 't' bit of directory as 'not follow symlink' instruction
> in the kernel. It automatically fixes all known /tmp races without
> applications modification.

This has been thrashed out again and again on lists like bugtraq. That sort
of thing is not really a "fix" to the problem - because if the symlink race
is being done under user control (eg: user causing a setuid program that has
a bug), the odds are that it'll use $TMPDIR or something else silly. Then,
the user can mkdir $HOME/tmp, set TMPDIR to $HOME/tmp and do exactly what
they please without any "protection" from 't' bit hacks.

Cheers,
-Peter
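
An added example, not part of the original mail or of the FreeBSD commit: a per-application open() that refuses a symlink, which applies in whatever directory $TMPDIR names because the check travels with the call rather than with the directory's mode bits. It assumes the later POSIX behaviour of O_NOFOLLOW, where open() fails on a symlink instead of returning a handle on the link as the 1998 commit log describes; `open_regular_nofollow` and `selftest` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open an existing regular file, refusing a symlink as
 * the last path component. O_NONBLOCK keeps a planted FIFO from hanging us. */
int open_regular_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;          /* symlink: ELOOP on Linux, EMLINK on FreeBSD */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);          /* FIFO, device or directory: refuse too */
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed fixture under `base`: a real file plus a symlink to it.
 * Returns 0 when the file opens and the symlink is refused. */
int selftest(const char *base)
{
    char dir[PATH_MAX], file[PATH_MAX + 16], decoy[PATH_MAX + 16];
    int fd, rc = 0;
    snprintf(dir, sizeof dir, "%s/nofollow.XXXXXX", base);
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(decoy, sizeof decoy, "%s/decoy", dir);
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0 || close(fd) < 0 || symlink(file, decoy) < 0) rc = -1;
    if (rc == 0 && (fd = open_regular_nofollow(file)) < 0) rc = 1;
    else if (rc == 0) close(fd);
    if (rc == 0 && (fd = open_regular_nofollow(decoy)) >= 0) { close(fd); rc = 2; }
    unlink(decoy); unlink(file); rmdir(dir);
    return rc;
}

int main(void)
{
    const char *base = getenv("TMPDIR");  /* caller-controlled, as in the mail */
    return selftest(base && *base ? base : "/tmp");
}
```

O_NOFOLLOW covers only the final path component; symlinks in intermediate directories are still followed.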