[1241] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: t bit and symlinks patch

daemon@ATHENA.MIT.EDU (Andrew Tridgell)
Sat Oct 19 08:31:52 1996

From: Andrew Tridgell <tridge@arvidsjaur.anu.edu.au>
To: alan@lxorguk.ukuu.org.uk
CC: linux-security@tarsier.cv.nrao.edu, linux-kernel@vger.rutgers.edu,
        Linus.Torvalds@Helsinki.FI
In-reply-to: <m0vEMkT-0005FcC@lightning.swansea.linux.org.uk>
	(alan@lxorguk.ukuu.org.uk)
Reply-to: Andrew.Tridgell@anu.edu.au
Date: 	Sat, 19 Oct 1996 10:50:55 +1000

Alan wrote:
> Nice idea. IMHO however the fix is to stop people writing applications
> that use /tmp for everything. /tmp was a great idea once upon a time. Its
> value nowdays is a bit questionable. Better that daemons use /var/run
> and applications $HOME/.files

I generally agree, its just that I think its hard to actually change
all those programs (and programmers) out there that use /tmp. 

I also think that the change does in fact breath new life into
/tmp. Are there any /tmp related security holes that it doesn't fix? 
There probably are some, its just that I can't think of them right
now.

Anyway, I've updated my patch slightly. I changed it so that symlinks
owned by root are not affected. This is safe and means it breaks less
things. 

With my original patch I found that one thing broke on my mail
server. I had a link called "tridge" owned by root in /var/spool/mail
that pointed to /home/tridge/InBox (due to a transition in mailer
behaviour). I also had /var/spool/mail world writeable with the t bit
set. My original patch meant I couldn't run programs that referenced
/var/spool/mail/tridge.

This is now the active bit of the patch:

	if (S_ISLNK(inode->i_mode) && (dir->i_mode & S_ISVTX) &&
	    inode->i_uid != 0 &&
	    current->fsuid != inode->i_uid) {
		iput(dir);
		iput(inode);
		*res_inode = NULL;
		return -EPERM;
	}


the full patch is available from
ftp://samba.anu.edu.au/pub/linux/symlink.patch 

Cheers, Andrew

home help back first fref pref prev next nref lref last post