On Feb 28, 2006, at 22:54:15, Hauke Laging wrote:
6) In my scenario the VFS would add a step after 4): It would check
if the symlink has been created by someone different from the
process's uid and from root. If so there is the risk of abuse and
the access check would be repeated for the symlink owner.
7) The VFS would find out that the symlink owner is not allowed to
write to /etc/passwd. Thus the write access is prohibited, even for
a process with superuser rights.
Feel free to write an LSM to do this, but it breaks POSIX specs a bit
and could cause problems with some programs, so it's not likely to
become the default behavior.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
