Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261280AbVBGTxB (ORCPT ); Mon, 7 Feb 2005 14:53:01 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261302AbVBGTwb (ORCPT ); Mon, 7 Feb 2005 14:52:31 -0500 Received: from vds-320151.amen-pro.com ([62.193.204.86]:33498 "EHLO vds-320151.amen-pro.com") by vger.kernel.org with ESMTP id S261279AbVBGTlN (ORCPT ); Mon, 7 Feb 2005 14:41:13 -0500 Subject: Re: [PATCH] Filesystem linking protections From: Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= To: Chris Wright Cc: "linux-kernel@vger.kernel.org" In-Reply-To: <20050207111235.Y24171@build.pdx.osdl.net> References: <1107802626.3754.224.camel@localhost.localdomain> <20050207111235.Y24171@build.pdx.osdl.net> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-AyL+hmaAQJJAkpDVZG/n" Date: Mon, 07 Feb 2005 20:40:43 +0100 Message-Id: <1107805243.3754.240.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2082 Lines: 56 --=-AyL+hmaAQJJAkpDVZG/n Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable El lun, 07-02-2005 a las 11:12 -0800, Chris Wright escribi=F3: > * Lorenzo Hern=E1ndez Garc=EDa-Hierro (lorenzo@gnu.org) wrote: > > This patch adds two checks to do_follow_link() and sys_link(), for > > prevent users to follow (untrusted) symlinks owned by other users in > > world-writable +t directories (i.e. /tmp), unless the owner of the > > symlink is the owner of the directory, users will also not be able to > > hardlink to files they do not own. > >=20 > > The direct advantage of this pretty simple patch is that /tmp races wil= l > > be prevented. >=20 > The disadvantage is that it can break things and places policy in the > kernel. It's just like DAC then, because it never applies any policy than a simple check relying on kernel's DAC, and standard capabilities & permissions.DAC-related checks are placed all over the place, but maybe the place is lacking of some ones that may be important. About what things it can break, I haven't noticed any issue on it (at least regarding grSecurity or OpenWall), but of course I would appreciate a lot any information on them, so, I could report to the developers that are currently using this in their own solutions. Thanks in advance, Cheers. --=20 Lorenzo Hern=E1ndez Garc=EDa-Hierro =20 [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org] --=-AyL+hmaAQJJAkpDVZG/n Content-Type: application/pgp-signature; name=signature.asc Content-Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBCB8Q7DcEopW8rLewRAks2AJ0Xr2Y+b3nGVg6/jAosSKXPbSL2+QCff62h SIR3wPkCLoY/YYSVWGVhC5k= =IijR -----END PGP SIGNATURE----- --=-AyL+hmaAQJJAkpDVZG/n-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/