Re: varlinks! (and 2.1.98 works for me)

Ton Hospel (thospel@mail.dma.be)
30 Apr 1998 12:47:51 GMT


In article <19980429215419.62160@elf.mj.gts.cz>,
Pavel Machek <pavel@elf.ucw.cz> writes:
> Hi!
>
>> > No, no, no... you could potentially trick an app into indirecting
>> > through a symlink it otherwise wouldn't have indirected through,
>> > getting unauthorized access to a file.
Mm, I also don't get it.
Suppose we have a security-sensitive program that gets such a varlink name.
Then it will:
- just follow the link (just do a write or something);
  in that case the security situation did not change
- stare at the link (e.g. do a readlink), do some checking, then follow it.
  That had a race condition anyways, so it cannot be trusted.
To me it seems that the varlink patch is security neutral; it only gives
you new exploits if things were insecure to start with.

Look at it from this angle. A symlink is a transformation from one name
into another. The kernel does this mapping, and programs don't tend to
outguess the kernel, but just use the names as is or ask the kernel
what it finally points to. This remains the case with varlinks, it's just
that the mapping the kernel does has changed a bit from how we humans think
about it.

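
The check-then-follow race named in the message above, as an added example that is not part of the original post or of the varlink patch: a check made on the name (lstat() stands in here for the readlink() the post mentions) beside a check made on the opened descriptor. The function names, the `window` hook and the temporary files are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
static char g_other[64];  /* constructed: file the name gets re-pointed at */
/* Constructed stand-in for whatever else runs between check and use. */
static void repoint(const char *p) { unlink(p); if (symlink(g_other, p)) perror("symlink"); }

/* "Stare at the link, check, then follow": the check is made on the name. */
int open_by_name(const char *path, void (*window)(const char *))
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    if (window) window(path);        /* name changes after the check */
    return open(path, O_RDONLY);     /* kernel resolves the name again */
}

/* One resolution by the kernel, then check the object actually opened. */
int open_by_fd(const char *path, void (*window)(const char *))
{
    struct stat st;
    if (window) window(path);        /* same change, before the single open */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;           /* final component is a symlink: ELOOP */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Returns 1 if the opener ended up holding g_other, 0 if it did not. */
int scenario(int (*opener)(const char *, void (*)(const char *)))
{
    char dir[] = "/tmp/toctouXXXXXX", path[64];
    struct stat a, b;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/wanted", dir);
    snprintf(g_other, sizeof g_other, "%s/other", dir);
    close(open(path, O_CREAT | O_WRONLY, 0600));
    close(open(g_other, O_CREAT | O_WRONLY, 0600));
    int fd = opener(path, repoint);
    int hit = fd >= 0 && fstat(fd, &a) == 0 && stat(g_other, &b) == 0
              && a.st_ino == b.st_ino && a.st_dev == b.st_dev;
    if (fd >= 0) close(fd);
    unlink(path); unlink(g_other); rmdir(dir);
    return hit;
}

int main(void) { printf("%d %d\n", scenario(open_by_name), scenario(open_by_fd)); return 0; }
```

O_NOFOLLOW covers only the final path component; once the descriptor is open, later changes to the name no longer affect which object the program holds.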