Re: varlinks! (and 2.1.98 works for me)

Pavel Machek (pavel@elf.ucw.cz)
Wed, 29 Apr 1998 21:54:19 +0200


Hi!

> > No, no, no... you could potentially trick an app into indirecting
> > though a symlink it otherwise wouldn't have indirected through,
> > getting unauthorized access to a file.
>
> So, I still don't get it. Explain please....
>
> You mean something like

What about:

I tell at to run job /tmp/program. Tmp is in fact a symlink to
/.tmp/${UID}. At checks that I have privileges to /tmp/program, and
places '/tmp/program' in some kind of list of things to do.

Some time later, cron looks, and sees that luser cracker wants to exec
/tmp/program. But, due to some things, /tmp is no longer a pointer to
/.tmp/crackeruid, it is a pointer to /.tmp/gooduid. But cron does not
know that. Cron does not check permissions now. It has already done
so. So it executes /tmp/program. But it executes _other_, potentially
secret, /tmp/program.

I do not think the above is realistic. It probably is not. But you see
where the problem _might_ be.

Cron is a bad example... But maybe there's a better one :-(.

Pavel

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu
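
The check-then-use gap described in the message above, as an added example that is not part of the original post: a job queue that stores only the path runs whatever the name resolves to later, while one that also records the file's (device, inode) at check time can refuse a file that has changed underneath the name. The function names are hypothetical, a temporary directory stands in for /tmp and /.tmp/<uid>, and the inode comparison is one possible mitigation, not something proposed in the thread.

```python
import os, tempfile

def enqueue(path):
    """Check time: record the path and the identity of the file it names right now."""
    st = os.stat(path)  # follows symlinks, like the privilege check in the mail
    return {"path": path, "dev": st.st_dev, "ino": st.st_ino}

def run_naive(job):
    """Use time, path only: assumes the name still refers to the checked file."""
    with open(job["path"]) as f:
        return f.read()

def run_pinned(job):
    """Use time, hardened: open first, then compare the opened file to the checked one."""
    fd = os.open(job["path"], os.O_RDONLY)
    try:
        st = os.fstat(fd)  # fstat on the descriptor cannot be redirected by a later swap
        if (st.st_dev, st.st_ino) != (job["dev"], job["ino"]):
            raise PermissionError("path now resolves to a different file")
        return os.read(fd, 4096).decode()
    finally:
        os.close(fd)

def demo():
    # Constructed layout: root/crackeruid and root/gooduid play the per-user dirs.
    root = tempfile.mkdtemp()
    for uid, text in (("crackeruid", "cracker job"), ("gooduid", "secret job")):
        os.mkdir(os.path.join(root, uid))
        with open(os.path.join(root, uid, "program"), "w") as f:
            f.write(text)
    tmp = os.path.join(root, "tmp")
    os.symlink(os.path.join(root, "crackeruid"), tmp)  # tmp -> submitter's dir
    job = enqueue(os.path.join(tmp, "program"))        # permission check happens here
    os.unlink(tmp)
    os.symlink(os.path.join(root, "gooduid"), tmp)     # tmp now points elsewhere
    naive = run_naive(job)
    try:
        pinned = run_pinned(job)
    except PermissionError:
        pinned = None
    return naive, pinned

if __name__ == "__main__":
    print(demo())
```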