Re: t bit and symlinks patch

Andrew Tridgell (tridge@arvidsjaur.anu.edu.au)
Sat, 19 Oct 1996 10:50:55 +1000


Alan wrote:
> Nice idea. IMHO however the fix is to stop people writing applications
> that use /tmp for everything. /tmp was a great idea once upon a time. Its
> value nowadays is a bit questionable. Better that daemons use /var/run
> and applications $HOME/.files

I generally agree, it's just that I think it's hard to actually change
all those programs (and programmers) out there that use /tmp.

I also think that the change does in fact breathe new life into
/tmp. Are there any /tmp related security holes that it doesn't fix?
There probably are some, it's just that I can't think of them right
now.

Anyway, I've updated my patch slightly. I changed it so that symlinks
owned by root are not affected. This is safe and means it breaks fewer
things.

With my original patch I found that one thing broke on my mail
server. I had a link called "tridge" owned by root in /var/spool/mail
that pointed to /home/tridge/InBox (due to a transition in mailer
behaviour). I also had /var/spool/mail world writeable with the t bit
set. My original patch meant I couldn't run programs that referenced
/var/spool/mail/tridge.

This is now the active bit of the patch:

if (S_ISLNK(inode->i_mode) && (dir->i_mode & S_ISVTX) &&
inode->i_uid != 0 &&
current->fsuid != inode->i_uid) {
iput(dir);
iput(inode);
*res_inode = NULL;
return -EPERM;
}
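
Review bot: The `inode->i_uid != 0` exemption in the condition carries no comment, and the test keys on `dir->i_mode & S_ISVTX` alone without looking at the directory's write bits, so it also applies to sticky directories that are not world-writable. Suggest a comment above the `if` stating the rule (a symlink in a sticky directory is followed only when `current->fsuid` owns it, unless root owns the link) and saying whether the sticky-only test is intended. Note also that a caller with fsuid 0 following a non-root user's link takes the `-EPERM` path; if that is deliberate, the comment should say so.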

The full patch is available from
ftp://samba.anu.edu.au/pub/linux/symlink.patch

Cheers, Andrew
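
Added example, not part of the original message or of the patch: a userspace C model of the condition quoted above, used to audit a directory and list the symlinks a given uid could not follow under that rule (the kind of breakage the /var/spool/mail link caused before root-owned links were exempted). The names `would_deny` and `audit_dir`, and the default of `/tmp` with the caller's uid, are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Userspace model of the rule in the quoted fragment: refuse to follow a
 * symlink in a sticky directory unless root owns the link or the caller's
 * fsuid owns it. Returns 1 where the rule would answer -EPERM, else 0. */
int would_deny(const struct stat *link, const struct stat *dir, uid_t fsuid)
{
    return S_ISLNK(link->st_mode) && (dir->st_mode & S_ISVTX) &&
           link->st_uid != 0 && fsuid != link->st_uid;
}

/* Audit one directory: print and count the symlinks that `fsuid` could not
 * follow under the rule. Returns the count, or -1 if the directory cannot
 * be read. (Hypothetical helper for this example.) */
int audit_dir(const char *path, uid_t fsuid)
{
    struct stat dir, link;
    struct dirent *de;
    char full[PATH_MAX];
    int denied = 0;
    DIR *d;

    if (stat(path, &dir) != 0 || (d = opendir(path)) == NULL)
        return -1;
    while ((de = readdir(d)) != NULL) {
        snprintf(full, sizeof full, "%s/%s", path, de->d_name);
        if (lstat(full, &link) != 0)   /* entry vanished: skip it */
            continue;
        if (would_deny(&link, &dir, fsuid)) {
            printf("%s (link owner uid %lu)\n", full, (unsigned long)link.st_uid);
            denied++;
        }
    }
    closedir(d);
    return denied;
}

int main(int argc, char **argv)
{
    /* Default directory and uid are example choices, not from the post. */
    int n = audit_dir(argc > 1 ? argv[1] : "/tmp", getuid());
    printf("%d symlink(s) would return EPERM for uid %lu\n", n, (unsigned long)getuid());
    return n < 0;
}
```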