* Moritz Muehlenhoff <j...@debian.org>, 2014-03-05, 20:03:
* Since Wheezy the Linux kernel features a security mechanism which nullifies many symlink attacks (fs.protected_symlinks).

For the lazy, documentation of protected_symlinks:

When the value in this file is 0, no restrictions are placed on following symbolic links (i.e., this is the historical behaviour before Linux 3.6). When the value in this file is 1, symbolic links are followed only in the following circumstances:

* the filesystem UID of the process following the link matches the owner (UID) of the symbolic link (as described in credentials(7), a process’s filesystem UID is normally the same as its effective UID);

* the link is not in a sticky world‐writable directory; or

* the symbolic link and its parent directory have the same owner (UID)

A system call that fails to follow a symbolic link because of the above restrictions returns the error EACCES in errno.

We're planning to treat any vulnerabilities which are rendered moot by this protection as non-issues. If you're using custom Linux kernel builds, you need to enable this option.

It should be noted here that while a symlink attack is the most well-known way to exploit insecure use of /tmp, it is not the only way, and often not even the most exciting way. The symlink protection does not exempt you from having to care about using temporary files securely!

--
Jakub Wilk
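
The protected_symlinks rule quoted above, written out as an added C example (not part of the original message and not kernel code) so it is clear exactly which link follows are refused and which are not. The function names are this example's own, and treating an unreadable sysctl as "no restriction" is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Current fs.protected_symlinks value, or -1 if it cannot be read. */
int protected_symlinks_value(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/fs/protected_symlinks", "r");
    if (f == NULL) return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* The quoted rule as a pure function: 0 = followed, EACCES = refused. */
int follow_decision(int sysctl, uid_t fsuid, uid_t link_uid,
                    uid_t dir_uid, mode_t dir_mode)
{
    const mode_t sticky_ww = S_ISVTX | S_IWOTH;
    if (sysctl <= 0) return 0;          /* 0, or -1 (assumed: feature absent) */
    if (fsuid == link_uid) return 0;    /* follower owns the link */
    if ((dir_mode & sticky_ww) != sticky_ww) return 0; /* not sticky + o+w */
    if (link_uid == dir_uid) return 0;  /* link and parent share an owner */
    return EACCES;
}

/* Apply the rule to a symlink on disk; -1 if path is not a symlink. */
int follow_decision_for(const char *path, uid_t fsuid, int sysctl)
{
    struct stat l, d;
    char buf[4096];
    if (lstat(path, &l) != 0 || !S_ISLNK(l.st_mode))
        return -1;
    snprintf(buf, sizeof buf, "%s", path);  /* dirname() may modify its arg */
    if (stat(dirname(buf), &d) != 0)
        return -1;
    return follow_decision(sysctl, fsuid, l.st_uid, d.st_uid, d.st_mode);
}

int main(int argc, char **argv)
{
    if (argc > 1) printf("%d\n", follow_decision_for(argv[1], geteuid(), protected_symlinks_value()));
    return 0;
}
```

Only the case that falls through every check is refused: a link in a sticky world-writable directory, owned by neither the follower nor the directory owner. Everything else about temporary-file handling is outside what this check covers.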

