Date: Wed, 7 May 1997 09:23:01 +0400 (MSD) From: Dmitry Valdov <dv@kis.ru> To: freebsd-bugs@freebsd.org Subject: Re: A vulnerability in Lynx (all versions) (fwd) Message-ID: <Pine.BSF.3.95q.970507092151.19439C-100000@xkis.kis.ru>
next in thread | raw e-mail | index | archive | help
Hi! How about this feature in FreeBSD? ---------- Forwarded message ---------- Date: Tue, 6 May 1997 13:57:55 +0200 From: Luca Berra <bluca@comedia.it> To: BUGTRAQ@NETSPACE.ORG Subject: Re: A vulnerability in Lynx (all versions) Actually, for those out there running linux, someone (Andrew tridgell if i remember correctly) wrote a kernel patch to completely disable symlinks in tmp attacks. basically it does not follow any symlinks (in directories with the sticky bit set) if the owner of the link is different than the owner of the target. i think something like this should be implemented in other OSes as well. Regards Luca -- Luca Berra -- bluca@comedia.it System and Network Manager - CoMedia s.r.l. PGP Public key available via finger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970507092151.19439C-100000>