Date:      Tue, 15 Jun 1999 01:57:40 -0500 (CDT)
From:      David Scheidt <dscheidt@enteract.com>
To:        "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc:        Stephen McKay <syssgm@detir.qld.gov.au>, Chuck Youse <cyouse@cybersites.com>, hackers@FreeBSD.ORG, Marc Ramirez <mrami@gbtb.com>
Subject:   Re: symlink question 
Message-ID:  <Pine.NEB.3.96.990615014431.86791A-100000@shell-1.enteract.com>
In-Reply-To: <2743.929428404@zippy.cdrom.com>

On Mon, 14 Jun 1999, Jordan K. Hubbard wrote:

> > symlinks have caused me grief (Pyramid OSx) and never joy.  I hope it fails
> > yet again to appear in FreeBSD.  Just think of the new security holes for a
> > start.
> 
> Name one, please.  You can currently point a symlink anyplace you
> like; whether the user has permission to *read* or execute the target
> of the link, however, is where the genuine system administration takes
> over.  How the actual value is derived shouldn't make that much
> difference. :)

First try:  Suppose foo depends on /usr/local/etc/foo.conf.
/usr/local/etc is a link to /usr/local/${ARCH}/etc.  User does
export $ARCH=../../home/user, so /usr/local/etc/foo.conf is now in
their home directory.  Depending on how poorly foo is written, it
may be possible for the user to get foo to do things it wouldn't
normally.  There are a bunch of these sorts of things lurking here.
Clearly, navigation up the tree can't be allowed, at least for
processes operating with increased privs.  There are probably some
other path subversion issues, or potential issues, lurking in this.
This is not to say this isn't a good idea.  I can think of several
uses that would make my life easier.

David Scheidt
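The path subversion described in the message, modelled in Python as an added example (not code from the thread or from FreeBSD): a naive variant-symlink expansion beside a policy for privileged processes that refuses to let a variable move the lookup up the tree. The `${VAR}` syntax, `expand_privileged` and the `/usr/local` trusted root are assumptions of this example.

```python
import posixpath
import re

# Constructed model of a "variant symlink": the link target, e.g.
# /usr/local/${ARCH}/etc, is expanded from the process environment at lookup time.
VAR_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def expand_unchecked(template, env):
    """Naive expansion: substitutes whatever the (user-controlled) variable
    holds and lexically normalises the result. This is the behaviour the
    message warns about."""
    return posixpath.normpath(VAR_RE.sub(lambda m: env.get(m.group(1), ""), template))


def is_safe_component(value):
    """A value acceptable for a privileged lookup: exactly one path component,
    so it can never contain '..' or carry the lookup into another directory."""
    return bool(value) and "/" not in value and value not in (".", "..")


def expand_privileged(template, env, trusted_root):
    """Expansion policy for processes with increased privileges: every
    variable must be a single safe component, and the normalised result must
    still lie under trusted_root. Raises ValueError otherwise."""
    def sub(m):
        name, val = m.group(1), env.get(m.group(1), "")
        if not is_safe_component(val):
            raise ValueError(f"unsafe value for ${{{name}}}: {val!r}")
        return val

    resolved = posixpath.normpath(VAR_RE.sub(sub, template))
    root = trusted_root.rstrip("/") + "/"
    if not resolved.startswith(root):
        raise ValueError(f"{resolved} escapes {trusted_root}")
    return resolved


def privileged_lookup_allowed(template, env, trusted_root):
    """Boolean wrapper: would the privileged policy accept this expansion?"""
    try:
        expand_privileged(template, env, trusted_root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    link = "/usr/local/${ARCH}/etc/foo.conf"
    print(expand_unchecked(link, {"ARCH": "../../home/user"}))   # lands in the user's home
    print(privileged_lookup_allowed(link, {"ARCH": "../../home/user"}, "/usr/local"))
```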