Re: symlinks with permissions (fwd)

[Pavel Machek]

Hi!

> >> Do you know of any cases where this difference matters in practice?
> >>     
> >
> > Actually yes, see the bugtraq post. guest was able to write to my file
> > when I expected that file to be protected.
> >
> > According to the bugtraq discussion, people expect directory
> > permissions to work.
> 
> Gawd, I hate to say this, but people have been improperly educated
> if they expect directory permissions to behave thusly. You can not
> count on the permissions on a directory to protect access on a file
> that the directory contains a reference to. Hard links. Mount points.
> /proc/8675309/fd. Passing file descriptors over sockets. Fork, for
> heaven's sake. That's not how Linux directories really work.

Actually it was how Unix directories really worked, before Linux /proc
came around and broke it.

See the bugtraq; yes, hardlinks are similar, but at least you see them
on ls -l. Mount points are root-only. And you can't use fork to
upgrade "read-only" filedescriptor to read write. 

										Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/