Date:      Tue, 07 Apr 1998 02:38:44 +0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Андрей Чернов <ache@nagual.pp.ru>
Cc:        committers@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/kern vfs_vnops.c src/sys/sys fcntl.h 
Message-ID:  <199804061838.CAA16914@spinner.netplex.com.au>
In-Reply-To: Your message of "Mon, 06 Apr 1998 22:16:22 +0400." <19980406221622.37671@nagual.pp.ru>

Андрей Чернов wrote:
> > In article <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.org> you write:
> > >    sys/kern             vfs_vnops.c 
> > >    sys/sys              fcntl.h 
> > >  Log:
> > >  Implement a new open(2) flag: O_NOFOLLOW.  This will instruct open
> > >  to not follow symlinks, but to open a handle on the link itself(!).
> > >  As strange as this might sound, it has several useful applications
> > >  safe race-free ways of opening files in hostile areas (eg: /tmp, a mode
> > >  1777 /var/mail, etc).  It also would allow things like fchown() to work
> > >  on the link rather than having to implement a new syscall specifically for
> > >  that task.
> 
> 
> If we talk about the /tmp links security problem, this change requires
> modification of each application, which doesn't sound good. A better hack
> will be to treat the 't' bit of a directory as a 'not follow symlink' instruction
> in the kernel. It automatically fixes all known /tmp races without
> application modification.

This has been thrashed out again and again on lists like bugtraq.  That
sort of thing is not really a "fix" to the problem - because if the symlink
race is being done under user control (eg: user causing a setuid program
that has a bug), the odds are that it'll use $TMPDIR or something else
silly.  Then, the user can mkdir $HOME/tmp, set TMPDIR to $HOME/tmp and do
exactly what they please without any "protection" from 't' bit hacks.

Cheers,
-Peter
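
An added example, not part of the original thread or the FreeBSD sources: the per-application use of O_NOFOLLOW that the commit log describes, which works wherever the path points and does not depend on the directory's 't' bit. It assumes the POSIX.1-2008 behaviour in which open() fails on a symlink (not the "handle on the link itself" semantics in the 1998 log); `safe_open`, `demo` and the scratch paths are hypothetical names.

```c
#define _XOPEN_SOURCE 700   /* POSIX.1-2008: O_NOFOLLOW, mkdtemp(), symlink() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* safe_open() is a hypothetical helper: it returns an fd only for a regular,
 * singly linked file owned by the caller, and never for a symlink.
 * O_NONBLOCK keeps a planted FIFO from hanging the open. */
int safe_open(const char *path, int flags)
{
    struct stat st;
    int fd = open(path, flags | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;      /* e.g. final component is a symlink: ELOOP (EMLINK on FreeBSD) */
    /* Inspect the opened object, not the name, so nothing can be swapped in. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a scratch directory holding a real file and a symlink
 * to it. Returns 0 when the file opens and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/nofollow.XXXXXX", real[64], lnk[64];
    int fd, real_fd, link_fd, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(real, sizeof real, "%s/real", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    fd = open(real, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && symlink(real, lnk) == 0) {
        real_fd = safe_open(real, O_WRONLY);    /* must succeed */
        link_fd = safe_open(lnk, O_WRONLY);     /* must be refused */
        rc = (real_fd < 0) | ((link_fd >= 0) << 1);
        if (real_fd >= 0) close(real_fd);
        if (link_fd >= 0) close(link_fd);
    }
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(real); rmdir(dir);
    return rc;
}

int main(void) { return demo(); }
```

O_NOFOLLOW only covers the final path component; symlinks in intermediate directories are still followed.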


