Re: varlinks! ((in)security?)

Illuminatus Primus (vermont@gate.net)
Wed, 29 Apr 1998 15:57:21 -0400 (EDT)


On Wed, 29 Apr 1998, Rogier Wolff wrote:

>
> > No, no, no... you could potentially trick an app into indirecting
> > through a symlink it otherwise wouldn't have indirected through,
> > getting unauthorized access to a file.
>
> So, I still don't get it. Explain please....
>

I don't think the security concerns with varlinks are any different from
dealing with symlink races. If a program doesn't trust a symlink (or
varlink) to remain constant, it should fopen() the file and then fstat()
it, or whatever it likes once it has the file referenced by inode.
Varlinks could only make changing the link destination something triggered
internally instead of a crapshoot. But I'm guessing that most programs
don't modify varlink-dependent variables in between access checks and
actual access. If so, they were doing things insecurely anyway :).

Separate subject (TMPDIR):
How would TMPDIR interact with suid programs? It seems like being able to
make a suid program write its temp files to a directory you have complete
access to (as opposed to sticky access) wouldn't be a Good Thing.

It would be nice to be able to define a set of allowed environment
variables to pass to suid programs, and have a set of "safe" defaults.

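The open-then-fstat() pattern mentioned in the message, as an added example that is not part of the original post. It goes one step beyond the message by comparing an lstat() taken before the open with the fstat() taken on the descriptor; the names `open_checked` and `demo` and the scratch paths are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return an fd only if the object actually opened is the same regular file
 * that lstat() saw by name, i.e. the name was not a symlink and was not
 * re-pointed between the check and the open. Returns -1 on refusal. */
int open_checked(const char *path)
{
    struct stat before, after;

    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
        return -1;                  /* missing, a symlink, or not a plain file */
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &after) != 0 ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);                  /* the name changed under us: refuse */
        return -1;
    }
    return fd;                      /* from here on, use the fd, not the name */
}

/* Constructed demo: a scratch directory holding a real file and a symlink
 * to it. Returns 1 if the file is accepted and the symlink refused. */
int demo(void)
{
    char dir[] = "/tmp/openchk.XXXXXX", file[64], alias[64];
    if (!mkdtemp(dir))
        return 0;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(file, alias) != 0)
        return 0;
    close(fd);

    int ok_fd = open_checked(file);
    int bad_fd = open_checked(alias);
    int result = (ok_fd >= 0) && (bad_fd == -1);
    if (ok_fd >= 0) close(ok_fd);
    unlink(alias); unlink(file); rmdir(dir);
    return result;
}

int main(void) { return demo() ? 0 : 1; }
```

Any further checks (owner, mode, size) belong on the `fstat()` result for the descriptor. The comparison covers only the final path component, not symlinks in the directories leading to it.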