Re: [PATCH] Filesystem linking protections

From: Valdis . Kletnieks
Date: Mon Feb 07 2005 - 14:19:20 EST


On Mon, 07 Feb 2005 19:57:06 +0100, Lorenzo Hernández García-Hierro said:

> This patch adds two checks to do_follow_link() and sys_link(), to
> prevent users from following (untrusted) symlinks owned by other users in
> world-writable +t directories (i.e. /tmp), unless the owner of the
> symlink is the owner of the directory. Users will also not be able to
> hardlink to files they do not own.

This should be done using the LSM framework. That's what it's *THERE* for.
I've previously posted an LSM that does these checks (and a few others); it
should be in the archives.

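The two checks from the quoted patch description, modelled in user space as an added example. This is not code from the patch or from the LSM mentioned in the reply; the function names and the `make_stat` helper are hypothetical, and callers supply constructed `struct stat` values for the directory, the link and the target.

```c
#define _XOPEN_SOURCE 700
#include <stdbool.h>
#include <sys/types.h>
#include <sys/stat.h>

/* True when a directory is both sticky (+t) and world-writable, like /tmp. */
static bool sticky_world_writable(const struct stat *dir)
{
    return S_ISDIR(dir->st_mode) &&
           (dir->st_mode & S_ISVTX) && (dir->st_mode & S_IWOTH);
}

/*
 * Symlink check as described in the quoted text: inside a sticky
 * world-writable directory, a user may follow a symlink only if the user
 * owns it or the link's owner is also the directory's owner.
 */
bool may_follow_link(const struct stat *dir, const struct stat *link, uid_t fsuid)
{
    if (!S_ISLNK(link->st_mode))
        return true;                 /* not a symlink: nothing to check */
    if (!sticky_world_writable(dir))
        return true;                 /* restriction applies only to +t dirs */
    if (link->st_uid == fsuid)
        return true;                 /* the user's own link */
    if (link->st_uid == dir->st_uid)
        return true;                 /* link placed by the directory owner */
    return false;                    /* another user's link in a shared dir */
}

/* Hardlink check as described: users may only link to files they own. */
bool may_hardlink(const struct stat *target, uid_t fsuid)
{
    return target->st_uid == fsuid;
}

/* Hypothetical helper: builds constructed stat data for the checks above. */
struct stat make_stat(mode_t mode, uid_t uid)
{
    struct stat st = {0};
    st.st_mode = mode;
    st.st_uid = uid;
    return st;
}
```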