[20929] in bugtraq
nosymfollow Re: SSH allows deletion of other users files...
daemon@ATHENA.MIT.EDU (Jan Grant)
Fri Jun 8 16:05:31 2001
Date: Wed, 6 Jun 2001 09:51:10 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: bugtraq <bugtraq@securityfocus.com>
In-Reply-To: <Pine.LNX.4.33.0106042203210.13293-100000@clarity.local>
Message-ID: <Pine.GSO.4.31.0106060947460.2880-100000@mail.ilrt.bris.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Mon, 4 Jun 2001, zen-parse wrote:
> [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
For a long time now I've been mounting /tmp with the "nosymfollow"
option (FreeBSD) - nothing seems to be broken by this, apart from a
whole slew of these kinds of bugs :-)
Apologies for pointing out the obvious; this mount option seems really
useful.
jan (expecting a flood of "but it breaks this" mail now)
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
YKYBPTMRogueW... you try to move diagonally in vi.
