Re: hardlinks.... sucks... ;-(

Rob Hagopian (hagopiar@vuser.vu.union.edu)
Mon, 29 Dec 1997 14:11:46 -0500 (EST)


Just my $0.02: I think this is a _very_ good idea. The no-exec patch in
its current form does not break such things as trampolines and IIRC, no one
has claimed the prize money for cracking it... the symlink patch also
should not affect 99.44% of programs (I have yet to hear of a program that
needs to make a link in /tmp [hard or soft] to a file it doesn't own).

These should dramatically decrease the security holes due to bad user-space
programming and so I really don't see why they should be excluded from the
kernel... (with appropriate warnings/etc)
-Rob H.

On Mon, 29 Dec 1997, Krzysztof G. Baranowski wrote:

> While testing the million monkey theory, Yuri Kuzmenko said:
> IMHO this is a Good Way(tm). You did almost the same thing that
> Solar Designer had done a long time ago. I'm talking about his
> linux-stack-symlink patch. I think there should be SECURITY
> section in kernel config, with stack-non-exec, symlink patches etc.
> Of course marked as experimental and with proper warnings.
> Are there any chances to have this or shall we wait for 2.3
> series ? Comments, flames ?
>
> Cheers,
> Kris
> --
> Krzysztof G. Baranowski - President of the Harmless Manyacs' Club
> "Ex sysadmin, ex kernel hacker, luser again: How to copy a file ?"
> http://www.knm.org.pl/ <prezes@manjak.knm.org.pl>
>
> Your patch on 2.1.76:
>
> --- namei.c.orig Mon Dec 29 16:31:37 1997
> +++ namei.c Mon Dec 29 16:41:52 1997
> @@ -1168,6 +1168,13 @@
> if (!old_dentry->d_inode)
> goto exit_lock;
>
> + if ((old_dentry->d_inode->i_uid != current->euid) &&
> + (old_dentry->d_inode->i_gid != current->egid)) {
> + dput(old_dentry);
> + printk("*** Security warning: UID %lu try to make the hardlink from foreign file \"%s\" to \"%s\"\n",(unsigned long)current->euid,oldname,newname);
> + return -EPERM;
> + }
> +
> error = permission(old_dir->d_inode,MAY_WRITE | MAY_EXEC);
> if (error)
> goto exit_lock;
>
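
Review bot: The added `return -EPERM` leaves the function directly, while the error paths just above and below it use `goto exit_lock`, so whatever cleanup that label performs is skipped on the new path. Set `error = -EPERM` and `goto exit_lock` instead, dropping the manual `dput(old_dentry)` if that label already releases it. The condition joins the uid and gid tests with `&&`, so a file owned by another user can still be linked whenever its group equals the caller's egid, and a privileged caller gets no exemption; the intended policy should be stated in a comment and the test adjusted to match it. The `printk` has no log level and no rate limit and prints the caller-supplied `oldname` and `newname`, so any local user can fill the kernel log by repeating the call.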