[366] in linux-security and linux-alert archive
Re: elm and /tmp/mbox.*
daemon@ATHENA.MIT.EDU (Yury Shevchuk)
Mon Sep 18 10:56:22 1995
Date: Mon, 18 Sep 95 10:37 +0400
To: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199509120856.KAA02282@i17linuxb.ists.pwr.wroc.pl>;
from Marek Michalkiewicz
at Tue, 12 Sep 1995 10:56:53 +0200 (MET DST)
From: sizif@botik.ru (Yury Shevchuk)
In message <199509120856.KAA02282@i17linuxb.ists.pwr.wroc.pl> Marek
Michalkiewicz writes:
>This is a more general problem. Any program creating files in /tmp (not
>just elm) can cause the same problem if someone knows the name of temp
>file in advance and creates a symlink under that name. It would be nice
>to have a way to prevent creating symlinks in /tmp. The setuid bit on
>directories is not used for anything - maybe it could be used for that?
>If it is set, no one except root and the owner of the directory can
>create symlinks in it. This works even for very old programs which
>don't know anything about symlinks and lstat(). It shouldn't be too
>hard to implement in the kernel. Comments?
Even simpler: since symlinks in *any* world-writable directory are
security holes, we'll do good by just prohibiting symlinks if
(dir_mode & 0x2).
This might seem a bit too quick, but there are precedents: setuid
shell scripts are disabled in Linux for security reasons. So why not
disable symlinks in world-writable directories as well?
-- Yu.Shevchuk
