[1269] in linux-security and linux-alert archive
Re: [linux-security] Re: t bit and symlinks patch
daemon@ATHENA.MIT.EDU (Michael T Farnworth)
Fri Oct 25 09:00:15 1996
Date: Fri, 25 Oct 1996 03:23:48 -0400 (EDT)
From: Michael T Farnworth <mtf@imeid.com>
To: Andrew.Tridgell@anu.edu.au
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <96Oct22.090144+1000est.65092-27084+2569@arvidsjaur.anu.edu.au>
On Tue, 22 Oct 1996, Andrew Tridgell wrote:
> The proposed changes to the behaviour of links extend this idea by
> making the t bit also limit other behaviour which is even more
> dangerous than allowing people to delete files. Allowing users to
> follow links owned by other users is more dangerous than allowing them
> to delete files because by following links they can destroy files
> anywhere on the system, not just the files created by the programs that
> write to /tmp.
It sounds as though this 'simple' solution to all the potential security
holes is getting increasingly convoluted. Surely this leads down a
pathway towards increased incompatibility with other unixes. Ultimately
tampering like this with things which are considered uniform by
programmers is sure to lead to mysterious, difficult-to-find bugs and a
reduced understanding of how the operating system works. Introducing
many exceptions to rules is not a good thing. Fixing broken programs in
this kind of way just encourages people to produce more broken programs.
Better to fix things than to turn the operating system into a big clunky
system, filled with exceptions and generally a fudge.
This is not intended as a flame, but an appeal to fix the broken
parts rather than increase overhead and complexity with operations which
are only applicable in a minority of cases.
>
> Cheers, Andrew
>
Mtf
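
Added example, not part of the original message or of the patch under discussion: the program-side fix the thread refers to, sketched in C. A program writing to a shared directory such as /tmp creates its file with O_CREAT|O_EXCL, so open() fails instead of following a link that someone else placed at that name. The function names, file names and the scratch directory under /tmp are constructed for this illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* for mkdtemp() and symlink() prototypes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create a brand-new file for writing. With O_CREAT|O_EXCL, open() fails
 * with EEXIST if anything already exists at `path`, including a symlink
 * (even a dangling one), so the link is never followed.
 * Returns a file descriptor, or -1 with errno set. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a private scratch directory holds a file "target"
 * and a symlink "predictable.tmp" pointing at it, standing in for a link
 * left at the temp-file name a program is about to use.
 * Returns 1 if the exclusive create was refused and the target's contents
 * are unchanged, 0 if not, -1 if the scenario could not be set up. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/tbit-demo-XXXXXX";
    char target[64], lnk[64], buf[8] = {0};
    int fd, refused, intact;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/predictable.tmp", dir);

    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(target, lnk) != 0) return -1;

    fd = create_exclusive(lnk);            /* the hardened open */
    refused = (fd == -1 && errno == EEXIST);
    if (fd >= 0) close(fd);

    fd = open(target, O_RDONLY);           /* verify the target is untouched */
    intact = (fd >= 0 && read(fd, buf, 4) == 4 && memcmp(buf, "keep", 4) == 0);
    if (fd >= 0) close(fd);

    unlink(lnk); unlink(target); rmdir(dir);
    return refused && intact;
}
```

A caller that gets EEXIST should pick a fresh name (or use mkstemp(), which does this internally) rather than unlink and retry on the same path.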