From: David Scheidt
To: "Jordan K. Hubbard"
Cc: Stephen McKay, Chuck Youse, hackers@FreeBSD.ORG, Marc Ramirez
Date: Tue, 15 Jun 1999 01:57:40 -0500 (CDT)
Subject: Re: symlink question
In-Reply-To: <2743.929428404@zippy.cdrom.com>

On Mon, 14 Jun 1999, Jordan K. Hubbard wrote:

> > symlinks have caused me grief (Pyramid OSx) and never joy. I hope it fails
> > yet again to appear in FreeBSD. Just think of the new security holes for a
> > start.
>
> Name one, please. You can currently point a symlink anyplace you
> like; whether the user has permission to *read* or execute the target
> of the link, however, is where the genuine system administration takes
> over. How the actual value is derived shouldn't make that much
> difference. :)

First try: Suppose foo depends on /usr/local/etc/foo.conf. /usr/local/etc
is a link to /usr/local/${ARCH}/etc. User does
export ARCH=../../home/user, so /usr/local/etc/foo.conf is now in their
home directory. Depending on how poorly foo is written, it may be possible
for the user to get foo to do things it wouldn't normally.

There are a bunch of these sorts of things lurking here. Clearly,
navigation up the tree can't be allowed, at least for processes operating
with increased privs. There are probably some other path subversion issues,
or potential issues, lurking in this.

This is not to say this isn't a good idea. I can think of several uses
that would make my life easier.

David Scheidt
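
The restriction the message proposes ("navigation up the tree can't be allowed"), as an added example that is not from the thread or from FreeBSD: a user-space C model of expanding a `${NAME}` link target that accepts the variable's value only when it is a single path component. The function name `expand_variant_link` and its single-variable interface are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Safe only if one plain path component: non-empty, no '/', not "." or "..". */
static int safe_component(const char *v)
{
    return v != NULL && *v != '\0' && strchr(v, '/') == NULL &&
        strcmp(v, ".") != 0 && strcmp(v, "..") != 0;
}

/* Expand each ${name} in target into out, substituting value.
 * Returns 0 on success, -1 if the reference is malformed or names another
 * variable, if value is unset or unsafe, or if the result does not fit.
 * Hypothetical helper for illustration, not FreeBSD code. */
int expand_variant_link(const char *target, const char *name,
    const char *value, char *out, size_t outlen)
{
    size_t o = 0, n;

    if (outlen == 0)
        return -1;
    while (*target != '\0') {
        if (target[0] == '$' && target[1] == '{') {
            const char *end = strchr(target + 2, '}');

            if (end == NULL)
                return -1;
            n = (size_t)(end - target - 2);
            if (n == 0 || strlen(name) != n ||
                memcmp(name, target + 2, n) != 0 || !safe_component(value))
                return -1;
            n = strlen(value);
            if (o + n >= outlen)
                return -1;
            memcpy(out + o, value, n);
            o += n;
            target = end + 1;
        } else {
            if (o + 1 >= outlen)
                return -1;
            out[o++] = *target++;
        }
    }
    out[o] = '\0';
    return 0;
}
```

With the value from the message, `../../home/user`, the expansion is refused outright instead of resolving `/usr/local/etc` into the user's home directory.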