[1269] in linux-security and linux-alert archive


Re: [linux-security] Re: t bit and symlinks patch

daemon@ATHENA.MIT.EDU (Michael T Farnworth)
Fri Oct 25 09:00:15 1996

Date: Fri, 25 Oct 1996 03:23:48 -0400 (EDT)
From: Michael T Farnworth <mtf@imeid.com>
To: Andrew.Tridgell@anu.edu.au
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <96Oct22.090144+1000est.65092-27084+2569@arvidsjaur.anu.edu.au>

On Tue, 22 Oct 1996, Andrew Tridgell wrote:

> The proposed changes to the behaviour of links extend this idea by
> making the t bit also limit other behaviour which is even more
> dangerous than allowing people to delete files. Allowing users to
> follow links owned by other users is more dangerous than allowing them
> to delete files because by following links they can destroy files
> anywhere on the system, not just the files created by the programs that
> write to /tmp.

It sounds as though this 'simple' solution to all the potential security 
holes is getting increasingly convoluted.  Surely this leads down a 
pathway towards increased incompatibility with other unixes.  Ultimately 
tampering like this with things which are considered uniform by 
programmers is sure to lead to mysterious, difficult-to-find bugs and a 
reduced understanding of how the operating system works.  Introducing 
many exceptions to rules is not a good thing.  Fixing broken programs in 
this kind of way just encourages people to produce more broken programs.

Better to fix things than to turn the operating system into a big clunky 
system, filled with exceptions and generally a fudge.

This is not intended as a flame, but an appeal to fix the broken 
parts rather than increase overhead and complexity with operations which 
are only applicable in a minority of cases.

> 
> Cheers, Andrew
> 

Mtf
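
What fixing the program itself looks like for the /tmp case discussed in this thread, as an added example that is not part of either message: an open of a predictable name that follows a pre-existing symlink, beside an open with O_CREAT|O_EXCL, which POSIX requires to fail with EEXIST when the name is a symlink. The function names and the /tmp/tbit-demo-XXXXXX directory are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The broken pattern: opens whatever already sits at the name,
 * following a symlink and truncating the file it points to. */
int create_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* The fix in the program: with O_CREAT|O_EXCL, open() fails with EEXIST
 * if the name exists at all, including a symlink (dangling or not). */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Builds a private directory holding a 4-byte file and a symlink to it,
 * opens the symlink's name with the chosen function, and returns the size
 * of the link target afterwards (-1 on setup failure). All constructed. */
long target_size_after_open(int use_exclusive)
{
    char dir[] = "/tmp/tbit-demo-XXXXXX";
    char target[64], name[64];
    struct stat st;
    long size = -1;
    int fd, fd2;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/predictable", dir);
    fd = create_exclusive(target);
    if (fd >= 0) {
        if (write(fd, "data", 4) == 4 && symlink(target, name) == 0) {
            fd2 = use_exclusive ? create_exclusive(name) : create_naive(name);
            if (fd2 >= 0) close(fd2);
            if (stat(target, &st) == 0) size = (long)st.st_size;
        }
        close(fd);
    }
    unlink(name); unlink(target); rmdir(dir);
    return size;
}

int main(void) { printf("naive=%ld excl=%ld\n", target_size_after_open(0), target_size_after_open(1)); return 0; }
```

The naive open leaves the link target truncated to 0 bytes; the exclusive open is refused and the target keeps its 4 bytes, with no change to kernel symlink semantics.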
