[12142] in bugtraq
Re: Fix for ssh-1.2.27 symlink/bind problem
daemon@ATHENA.MIT.EDU (Toomas Kiisk)
Wed Oct 6 14:42:40 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9910052157010.14743-100000@kiku.itsise>
Date: Tue, 5 Oct 1999 22:08:00 +0300
Reply-To: Toomas Kiisk <vix@CYBER.EE>
From: Toomas Kiisk <vix@CYBER.EE>
X-To: Eivind Eklund <eivind@FREEBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991004103502.I71340@bitbox.follo.net>
On Mon, 4 Oct 1999, Eivind Eklund wrote:
> On Sat, Oct 02, 1999 at 06:38:46PM -0400, Scott Gifford wrote:
> > I've put together a patch that lets ssh work around the OS bug that
> > allows bind to follow symlinks.
>
> There isn't general consensus that this is an OS bug. We (as in
> FreeBSD) have installed a workaround consisting of blocking symlink
> following for the case, but we have not yet decided if we should make
> this permanent.
>
Look at the bind(2) definition in the latest Single UNIX spec, and pay
special attention to the errno values (ELOOP is there).
> In my opinion, ssh is clearly the buggy party here; not following
> symlinks in the OS is just a workaround to avoid buggy programs
> causing problems.
Right.
--
vix
http://home.cyber.ee/vix/pubkey.asc