Re: [linux-security] Big security hole in kerneld's request_route
daemon@ATHENA.MIT.EDU (Mark Whitis)
Sun Jun 16 15:30:26 1996
Date: Thu, 13 Jun 1996 17:28:28 -0400 (EDT)
From: Mark Whitis <whitis@dbd.com>
To: ichudov@algebra.com
cc: linux-alert@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606130421.XAA00723@manifold.algebra.com>
On Wed, 12 Jun 1996 ichudov@algebra.com wrote:
> you$ ln -s /etc/passwd /tmp/request-route
> you$ ping 204.251.80.30
Given that we have had multiple reports of security holes related
to symbolic links in publicly writeable directories, it might
be time to consider a kernel patch which would allow us to set
a flag on a directory which:
- prevents creation of symbolic links (except, perhaps,
to files which already exist and are owned by the
owner of the link) except by root or some specified
group.
- propagates to all directories created under that directory.
It could also be implemented via some list of protected trees:
/etc/nosymlinks:
    /tmp
    /var/tmp
But this would probably be much harder to implement, particularly
correctly, than a flag on a directory.
Another alternative, since permission bits may be limited, is
to create a special group "nosymlink" and make the directories
in question owned by that group and have the kernel set up
to provide the restrictions listed above (including propagation) PLUS
prevent the owner from setting the setgid bit or changing the group.
This could interfere with file transfer from one user to another
through tmp unless they made it world writable.
Another method would be to create a mount option "nosymlinks", similar
to "nosuid", and put your publicly writeable filesystems there.
The best method would be to incorporate the feature into the ACL
mechanism when it gets here.
---------------------------------------------------------------------------
--- Mark Whitis <whitis@dbd.com> WWW: http://www.dbd.com/~whitis/ ---
--- 428-B Moseley Drive; Charlottesville, VA 22903 804-962-4268 ---
---------------------------------------------------------------------------
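Added example, not part of the original post or of kerneld: the attack quoted above works because a privileged daemon opens a fixed, predictable name in a world-writable directory with create-or-truncate semantics, so a symlink planted at that name redirects the write into /etc/passwd. The block below reproduces that in a private scratch directory with a constructed stand-in victim file, and puts the naive open beside the application-level fix (O_CREAT|O_EXCL|O_NOFOLLOW, which refuses to go through anything already sitting at the path). The names `open_naive`, `open_safe`, `victim_clobbered` and `protected_symlinks_setting` are chosen here. The last one reads the sysctl that Linux 3.6 eventually added (fs.protected_symlinks), which is essentially the directory-level restriction this post asks for; the daemon-side fix is still needed on kernels or directories where that policy is not in force.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample content standing in for /etc/passwd; nothing in
 * this program touches real system files. */
static const char VICTIM_CONTENT[] = "root:x:0:0:root:/root:/bin/sh\n";

/* Vulnerable pattern (hypothetical stand-in for a root daemon writing a
 * fixed name such as /tmp/request-route): create-or-truncate, following
 * whatever symlink is sitting at the path. */
int open_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_EXCL fails with EEXIST if anything already exists
 * at the path, including a symlink regardless of where it points;
 * O_NOFOLLOW additionally refuses to traverse a symlink as the final
 * component.  The caller must treat EEXIST as hostile or stale and must
 * not "fix" it by unlinking and reopening the same fixed name. */
int open_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Fixture: a fresh directory, a victim file, and a symlink named
 * "request-route" pointing at it (the attacker's `ln -s`). */
static int build_fixture(char *dir, size_t dirsz, char *victim, size_t vsz,
                         char *link, size_t lsz)
{
    char tmpl[64] = "/tmp/symlink-demo-XXXXXX";
    if (mkdtemp(tmpl) == NULL) {
        strcpy(tmpl, "./symlink-demo-XXXXXX");   /* fallback if /tmp is unusable */
        if (mkdtemp(tmpl) == NULL)
            return -1;
    }
    snprintf(dir, dirsz, "%s", tmpl);
    snprintf(victim, vsz, "%s/passwd", dir);
    snprintf(link, lsz, "%s/request-route", dir);

    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, VICTIM_CONTENT, sizeof VICTIM_CONTENT - 1);
    close(fd);
    if (n != (ssize_t)(sizeof VICTIM_CONTENT - 1))
        return -1;
    return symlink(victim, link);
}

static void destroy_fixture(const char *dir, const char *victim, const char *link)
{
    unlink(link);
    unlink(victim);
    rmdir(dir);
}

/* Run the given open() variant against the planted symlink.  Returns 1 if
 * the victim file was truncated (the attack succeeded), 0 if it survived
 * intact, -1 if the fixture could not be built. */
int victim_clobbered(int (*opener)(const char *))
{
    char dir[64], victim[96], link[96];
    if (build_fixture(dir, sizeof dir, victim, sizeof victim, link, sizeof link) < 0)
        return -1;

    int fd = opener(link);
    if (fd >= 0)
        close(fd);

    struct stat st;
    int result = (stat(victim, &st) == 0 && st.st_size == 0) ? 1 : 0;
    destroy_fixture(dir, victim, link);
    return result;
}

/* Report fs.protected_symlinks (Linux 3.6+).  At 1, a symlink inside a
 * world-writable sticky directory is followed only if the follower owns
 * the link or the directory owner owns the link.  Returns the value, or
 * -1 if the sysctl is not available on this system. */
int protected_symlinks_setting(void)
{
    FILE *f = fopen("/proc/sys/fs/protected_symlinks", "r");
    if (f == NULL)
        return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

int main(void)
{
    printf("naive open clobbers victim:    %d\n", victim_clobbered(open_naive));
    printf("hardened open clobbers victim: %d\n", victim_clobbered(open_safe));
    printf("fs.protected_symlinks:         %d\n", protected_symlinks_setting());
    return 0;
}
```

The fixture directory is created mode 0700 and is not sticky, so the kernel policy does not interfere with the demonstration either way; what separates the two results is purely the flags passed to open(). In a real daemon the stronger choice is to avoid the shared directory altogether (a root-owned private directory, or mkstemp()) rather than to rely on a fixed name even with O_EXCL.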