[1721] in linux-security and linux-alert archive
[linux-security] Re: Re: Towards a solution of tmp-file problems (fwd)
daemon@ATHENA.MIT.EDU (Arnold Hendriks)
Sat Mar 14 09:46:45 1998
From: Arnold Hendriks <unilynx@core.dumped.org>
In-Reply-To: <199803130657.RAA03244@localhost.localdomain> from Allen Bolderoff at "Mar 13, 98 05:27:49 pm"
To: linux-security@redhat.com
Date: Fri, 13 Mar 1998 13:34:27 +0100 (CET)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Allen Bolderoff wrote...
> or have the kernel create a virtual filesystem that doesn't allow
> symlinks/hardlinks?
> IMHO, the only solution is going to be kernel based in this manner.
There might be reasons for wanting symlinks inside /tmp. An additional mount
option to not follow symlinks that cross devices can solve our problem here
(and might be useful for other things too)
Simply creating a 100mb-or-so partition for /tmp, and mount it with a
(to-be-kernel-supplied) "noxdevlink" option. Symlinks would be perfectly
allowed on the /tmp directory (helps when untarring and compiling new software
in /tmp which uses symlinks), but no symlinks would be allowed to cross
filesystems. When /tmp is seperate, there would be no way to symlink /tmp to
important /etc files, or anything else.
Kernel would probably have to give EPERM (permission denied) on any attempt
to follow a symlink crossing devices, if the symlink started on a no-symlink
device. There would be no need for a new filesytem type, just a mount
option. This probably could be managed before 2.2 (probably, not too sure
of kernel internals)
--
Arnold Hendriks
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null