[820] in linux-security and linux-alert archive
[linux-security] Disabling symlinks? No! don't write to /tmp!
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Mon Jun 17 10:33:35 1996
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 17 Jun 1996 10:14:00 +0200 (METDST)
From: R.E.Wolff@et.tudelft.nl (Rogier Wolff)
X-Return-Receipt-To: wolff@erasmus.et.tudelft.nl
> On Wed, 12 Jun 1996 ichudov@algebra.com wrote:
>
> > you $ ln -s /etc/passwd /tmp/request-route
> > you$ ping 204.251.80.30
>
> Given that we have had multiple reports of security holes related
> to symbolic links in publicly writeable directories, it might
> be time to consider a kernel patch which would allow us to set
> a flag on a directory which:

Reasonable. However, the main point is not that symlinks are dangerous
(they are just one way to exploit the root of the problem), the
dangerous part is that a process with root privileges is writing to a
publicly writable directory.

The correct way to improve security in this case would be to define
a directory e.g. "/stmp" which is a directory that should be used by
all programs that need temp files, whenever they have root privileges.
So opening a temp file should be:

/* the first fopen succeeds only if we are allowed to write to /stmp */
fp = fopen("/stmp/my_temp_file", "w");
if (!fp) fp = fopen("/tmp/my_temp_file", "w");

If the first fopen succeeds, we are privileged, and should use the
/stmp directory. (Whenever ACLs or the like are implemented, programs
that now require a setgid bit may be added to the list of programs that
are allowed to write to /stmp to increase security even further.)

Roger.
--
** Q: What's the difference between MicroSoft Windows and a virus? **
** A: Apart from the fact that viruses install easier, none. **
** EMail: R.E.Wolff@et.tudelft.nl * Tel +31-15-2783643 or +31-15-2137459 **
*** <a href="http://einstein.et.tudelft.nl/~wolff/">my own homepage</a> ***
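
Added example (not part of the original message or of any project's code): the "/stmp first, then /tmp" fallback from the message, written with open() and O_CREAT|O_EXCL instead of fopen(), so that a link planted at the temp file's name, as in the quoted /tmp/request-route case, makes the open fail rather than being followed. The function names and the choice to fall back only on ENOENT or EACCES are assumptions of this example; the directories are parameters so it can be tried in a scratch directory.

```c
/* Added example, not from the original message. open_temp() and
 * create_exclusive() are hypothetical helper names. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create dir/name only if nothing is there yet. With O_CREAT|O_EXCL,
 * open() fails with EEXIST on any existing entry, symlinks included,
 * so a planted link is never followed. */
static int create_exclusive(const char *dir, const char *name)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
}

/* Try the restricted directory first; use the shared one only when the
 * restricted one is missing or not writable by this process. Returns an
 * fd or -1 with errno set; *used_private reports which directory won. */
int open_temp(const char *private_dir, const char *shared_dir,
              const char *name, int *used_private)
{
    int fd = create_exclusive(private_dir, name);
    *used_private = (fd >= 0);
    if (fd >= 0 || (errno != EACCES && errno != ENOENT))
        return fd;   /* success, or an error that must not be masked */
    return create_exclusive(shared_dir, name);
}

int main(void)
{
    int used_private;
    int fd = open_temp("/stmp", "/tmp", "my_temp_file", &used_private);
    if (fd < 0) {
        perror("open_temp");
        return 1;
    }
    printf("created in %s\n", used_private ? "/stmp" : "/tmp");
    close(fd);
    return 0;
}
```

A second run reports "File exists" because the name is already taken; a caller would pick a new name or treat the collision as tampering.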