Re: VFS: Dynamic umask for the access rights of linked objects

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hauke Laging <[email protected]> wrote:
> Am Mittwoch 01 März 2006 03:45 schrieb Sam Vilain:
> > Of course this doesn't work if, like /tmp and /var/tmp are shipped as on
> > every distribution, the directory has permissions 1777.

> I had this idea after the announcement of such a security problem in an 
> antivirus software. The rpm package was buggy and set wrong rights for the 
> installation directory /usr/whatever. So this is a real-world problem.

Right, some programs are broken.

[...]

> > What problem you are trying to solve?

> I want to prevent the case that superuser processes accidentally read or 
> write (system) files because they have been redirected there by a symlink 
> which has been created by a user who cannot access (or at least write) 
> these files hinself.

Don't do that then. Programs running as superuser should always be extra
careful. Nothing (or nearly) should ever be run as "normal user" root.

Yes, root can shoot its feet at will. Always has been able to. Doing it by
blindly following a symlink planted in her home or in /tmp by the local
cracker-wannabe is just one (very minor) more way of doing so.
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux