[1287] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Re: t bit and symlinks patch

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sun Nov 10 18:57:34 1996

To: linux-security@redhat.com
Date: Thu, 31 Oct 1996 10:36:06 +0100
From: Olaf Kirch <okir@monad.swb.de>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


Hi all,

People interested in implementing context-dependent files might want
to look at the transname patch recently announced on c.o.l.a. It does
roughly what has been discussed here. I'm appending the announcement
below.

However, I don't believe that CDFs are the proper solution to security
problems with publically writable directories. The CDF mechanism is
a big, klunky tool that changes kernel behavior all over the place,
and may even add more loopholes if not designed with extreme caution.
If the intention is to fix the /tmp problem without fixing broken
applications, then this should probably be done by (optionally) imposing
some limitations on the operations permitted in +t directories. IMHO
Wietse's suggestions are a good starting point for discussion.

Cheers
Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
             For my PGP public key, finger okir@brewhq.swb.de.
------------------------------------------------------------------
From: schoebel@informatik.uni-stuttgart.de (Thomas Schoebel-Theuer)
Approved: R.E.Wolff@BitWizard.nl
Newsgroups: comp.os.linux.announce
Subject: linux-2.0.21-transname - Patch for easier pool administration
Date: 30 Oct 1996 10:53:38 GMT

linux-2.0.21-transname.patch enables diskless clients, X-terminals etc to
mount the *root filesystem* of the server. This makes administration of
large pools *a lot* easier.

Currently different diskless clients must have their root "/" on different
directories on the server, beause each client has _some_ different
configuration files. However, most administration files (typically about 99%)
have the same contents on the clients and on the server, but have to be
(and maintained separately) just because of the 1% differences.

This duplication causes very large efforts in practice, since at least
the /etc directory has to be duplicated for every client. Even in /etc
many files are identical, for example sendmail.cf, initrc scripts and
others. Maintaining a large pool means to ensure coherence amoung the
duplicates. Classical methods like symlinks are unconvenient
for this task because they have to be valid in the view of mounted
filesystems at the client, not at the server.

linux-2.0-transname.patch overcomes this problem by allowing filenames
to be context-dependend. For example, if you have a file "/etc/config"
that should differ on the hosts "myserver" and "myclient", you just
create two different files named "/etc/config#host=myserver#" and
"/etc/config#host=myclient#". On host "myserver", the file
"/etc/config#host=myserver#" will appear as if it were hardlinked to
file "/etc/config" (without the #...=...# suffix). On host "myclient",
the corresponding other file will appear as "/etc/config". So you
can access the right file contents under the same name, depending
on which host you are.

As a result, you may use different contexts for e.g. /etc/fstab, but
have one shared /etc/passwd for all pool machines. So you don't need
yp or NYS any more.

The kernel patch was developped for and is used at our Linux pool at the
University of Stuttgart with good results. Maintainance of the pool is
at a minimum, and adding new clients is a child's play. No worry with
keeping up mail configurations, newly installed tools, changed /etc/services,
/etc/shells, /etc/resolv.conf and many, many others. In contrast to a
sophisticated symlink solution, adding a new file to the /etc directory
is seen immediately by all clients. I never had less trouble with
administration before.

I just uploaded the patch to
  ftp://ftp.lmh.ox.ac.uk
         where it should appear in /pub/linux-kernel-patch-archive/
and also to
  ftp://sunsite.unc.edu/pub/Linux/Incoming/
         where it should be moved to /pub/Linux/kernel/patches/misc/ soon.

More details can be found in the README there, and also in the
configure-help.

Enjoy,

-- Thomas


home help back first fref pref prev next nref lref last post