Re: security warning

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 16 Dec 1997 10:37:19 +0000 (GMT)


> I would strongly suggest the following patch:
> ftp://ftp.fuller.edu/Linux/symlink-attack-patch-2.1.71
> I hope that patch gets in the kernel soon, default to "Y".

Why do we want a patch breaking symbolic links and several applications?
Fix the applications or fix the use of /tmp even better still.

There is a symlink bug in 2.1.x but this isn't it. The one that needs fixing
is open O_EXCL and O_CREAT shouldn't follow or ignore existing symlinks
dangling or otherwise. That broke somewhere with dentries and hasn't yet
got fixed to be correct as 2.0 is. Without this sendmail and stuff aren't
terribly secure on 2.1.x.

That shouldn't be too hard to fix.

Alan
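
The behaviour described in the message above, as an added check that is not part of the original post: with O_CREAT | O_EXCL, open() must fail with EEXIST when the path is a symlink, dangling or not, and must not create the link's target. The function name and the scratch directory under /tmp are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if open(O_CREAT|O_EXCL) refuses a dangling symlink (correct),
 * 0 if it followed the link or otherwise misbehaved (the bug described),
 * -1 if the scratch setup failed. Hypothetical helper for this example. */
int excl_refuses_dangling_symlink(void)
{
    char dir[] = "/tmp/excl-test-XXXXXX";   /* constructed scratch path */
    char link_path[PATH_MAX], target[PATH_MAX];
    struct stat st;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link_path, sizeof link_path, "%s/link", dir);
    snprintf(target, sizeof target, "%s/target", dir);

    /* Dangling symlink: "target" does not exist at this point. */
    if (symlink(target, link_path) != 0) {
        rmdir(dir);
        return -1;
    }

    int fd = open(link_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int saved_errno = errno;
    if (fd >= 0)
        close(fd);

    /* Correct behaviour: EEXIST, and nothing created at the link target. */
    int target_created = (lstat(target, &st) == 0);
    int ok = (fd < 0 && saved_errno == EEXIST && !target_created);

    unlink(target);          /* harmless if the target was never created */
    unlink(link_path);
    rmdir(dir);
    return ok;
}

int main(void)
{
    int r = excl_refuses_dangling_symlink();
    puts(r == 1 ? "OK: O_EXCL refused the symlink" :
         r == 0 ? "BUG: O_EXCL followed the symlink" : "setup failed");
    return r == 1 ? 0 : 1;
}
```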