t bit and symlinks patch

Andrew Tridgell (tridge@arvidsjaur.anu.edu.au)
Fri, 18 Oct 1996 22:40:52 +1000


Here is an implementation of my proposal for fixing the
"symlink-in-/tmp" style of security hole.

Please let me know if you can see any problems with this patch, or a
better way of doing it.

This patch is against kernel 2.0.22 but should work with any recent
kernel.

Cheers, Andrew

--- linux/fs/namei.c.orig Fri Oct 18 22:21:43 1996
+++ linux/fs/namei.c Fri Oct 18 22:07:06 1996
@@ -17,6 +17,7 @@
#include <linux/fcntl.h>
#include <linux/stat.h>
#include <linux/mm.h>
+#include <linux/config.h>

#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])

@@ -205,6 +206,20 @@
*res_inode = inode;
return 0;
}
+#ifdef CONFIG_SYMLINK_FIX
+ /* don't follow links in directories that have the t bit set
+ if the fsuid != the owner of the link. This stops all
+ the nasty "symlink-in-/tmp" security holes. Note
+ that this explicitly includes root (tridge)
+ */
+ if (S_ISLNK(inode->i_mode) && (dir->i_mode & S_ISVTX) &&
+ current->fsuid != inode->i_uid) {
+ iput(dir);
+ iput(inode);
+ *res_inode = NULL;
+ return -EPERM;
+ }
+#endif
return inode->i_op->follow_link(dir,inode,flag,mode,res_inode);
}
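
Review bot: the test `(dir->i_mode & S_ISVTX)` is broader than the hole it is meant to close, and in one direction too narrow. The attack in the comment needs a directory that other users can write to, yet the check fires on any sticky directory, world-writable or not, and it also refuses links whose owner is the directory's own owner, so a link that root places in /tmp becomes unusable for every other uid (the comment says root is deliberately included as a follower, but nothing says links made by the directory owner should be refused). Consider requiring both bits, `(dir->i_mode & (S_ISVTX|S_IWOTH)) == (S_ISVTX|S_IWOTH)`, and exempting `inode->i_uid == dir->i_uid` alongside the existing `current->fsuid != inode->i_uid`. The refcount handling on the new error path (iput on both `dir` and `inode`, `*res_inode = NULL`) matches the -ENOENT path above it, which is correct.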

--- linux/fs/Config.in.orig Fri Oct 18 22:21:24 1996
+++ linux/fs/Config.in Fri Oct 18 22:06:10 1996
@@ -6,6 +6,7 @@

bool 'Quota support' CONFIG_QUOTA
bool 'Mandatory lock support' CONFIG_LOCK_MANDATORY
+bool 'Symlink security fix' CONFIG_SYMLINK_FIX
tristate 'Minix fs support' CONFIG_MINIX_FS
tristate 'Extended fs support' CONFIG_EXT_FS
tristate 'Second extended fs support' CONFIG_EXT2_FS
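
Review bot: no default is supplied for CONFIG_SYMLINK_FIX, so a fresh `make config` offers n, while the help text shipped with it says enabling it is highly recommended; either make the option default to y or soften the recommendation. The check is also independent of any particular filesystem, so placing it between 'Mandatory lock support' and the Minix entry reads oddly; it belongs with the other kernel-wide behaviour switches at the top of the list.
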
--- linux/Documentation/Configure.help.orig Fri Oct 18 22:22:23 1996
+++ linux/Documentation/Configure.help Fri Oct 18 22:13:16 1996
@@ -2798,6 +2798,17 @@
writing none of these are available. So it's safest to say N here
unless you really know that you need this feature.

+Symlink security fix
+CONFIG_SYMLINK_FIX
+ A very common class of security hole on unix-like systems involves a
+ malicious user creating a symbolic link in /tmp pointing
+ at another users file (often a file owned by root). When the victim
+ then writes to that file they inadvertently write to the wrong file.
+ Enabling this option fixes this class of security hole by preventing
+ a process from following a link which is in a directory with the t bit
+ set unless they own the link.
+ It is highly recommended that you say yes to this option.
+
Minix fs support
CONFIG_MINIX_FS
Minix is a simple operating system used in many classes about
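
Review bot: the help text understates the behaviour change. The code in namei.c compares `current->fsuid` with the link's owner and refuses root as well (its comment says "this explicitly includes root"), but the help only says "unless they own the link"; an administrator reading this will not expect root's own scripts to start failing with EPERM on other users' links in /tmp, so say so here. The condition is also stated loosely: it is the process's fsuid, not "they", that must match the link owner. Minor: "another users file" should read "another user's file".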