Date: Fri, 10 Apr 1998 17:14:54 +0200 From: ak@muc.de To: Wolfram Schneider <wosch@cs.tu-berlin.de>, Andi Kleen <ak@muc.de> Cc: freebsd-fs@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/mount mntopts.h mount.8 mount.c src/sys/kern vfs_lookup.c vfs_syscalls.c vfs_vnops.c src/sys/sys mount.h Message-ID: <19980410171454.39443@fred.muc.de> In-Reply-To: <19980410164505.27668@panke.de>; from Wolfram Schneider on Fri, Apr 10, 1998 at 04:45:05PM %2B0200 References: <199804081832.LAA04184@freefall.freebsd.org> <k2emz5oqe9.fsf@zero.aec.at> <19980410164505.27668@panke.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 10, 1998 at 04:45:05PM +0200, Wolfram Schneider wrote: > On 1998-04-10 13:41:18 +0200, Andi Kleen wrote: > > > wosch 1998/04/08 11:32:00 PDT > > > Modified files: > > > sbin/mount mntopts.h mount.8 mount.c > > > sys/kern vfs_lookup.c vfs_syscalls.c vfs_vnops.c > > > sys/sys mount.h > > > Log: > > > New mount option nosymfollow. If enabled, the kernel lookup() > > > function will not follow symbolic links on the mounted > > > file system and return EACCES (Permission denied). > > > > Note that this is not enough alone to prevent /tmp races. A malicious > > user can still use a named pipe to feed the victim changed data. > > [moved to freebsd-fs] > > I can add a nonamedpipe option ;-) Or include that with nodev (or does it do that already?) > > A named pipe race is much harder to implement than a symlink race. > How do you avoid dead locks? What deadlocks? the exploit will be "single threaded" but I don't think there are deadlocks. It is possible, that is what counts. Just use O_CREAT|O_EXCL always. -A. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980410171454.39443>