On Fri, Mar 28, 2008 at 09:50:45AM +0100, Robert Felber wrote:
> On Fri, Mar 28, 2008 at 09:40:24AM +0100, Robert Felber wrote:
> > On Thu, Mar 27, 2008 at 11:52:17PM +0100, Andrej Kacian wrote:
> > > On Tue, 25 Mar 2008 01:40:31 +0100
> > > Robert Felber <[EMAIL PROTECTED]> wrote:
> > >
> > > > The new version addresses the issue below. Policyd-weight does now exit
> > > > if it detects symlinks on directories or sockets at startup or directory
> > > > creation.
> > >
> > > Hello Robert,
> > >
> > > I'm afraid 0.1.14.15 doesn't fix the issue reported.
> > >
> > > By symlinking /tmp/.policyd-weight to /root and starting policyd-weight,
> > > I was still able to change ownership of /root directory to user
> > > policyd-weight is configured to run as.
> >
> > Thanks for reporting.
> >
> > This is weird, and I am a little bit confused:
> >
> > # perl -wle 'if(-l "/tmp/.policyd-weight"){ print "err" }'
> > err
> >
> > The question is now, why the same test in policyd-weight is
> > not resulting in a true value.
>
>
> strace of policyd-weight:
> lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0
>
> strace of command line perl:
> lstat("/tmp/.policyd-weight", {st_mode=S_IFLNK|0700, st_size=18, ...}) = 0
>
> strace of command line perl with trailing slash:
> lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0
>
>
> other test:
>
> # if [ -L /tmp/.policyd-weight ]; then echo err; fi
> err
> # if [ -L /tmp/.policyd-weight/ ]; then echo err; fi
> #
>
> What the? If I want a check for -d then I'd say so.
>
> I am a bit puzzled on how to handle this, and - who to blame.
>
> However, I will strip trailing / as a workaround.
I'll update the releases today.
Patch below:
--- /old/policyd-weight Tue Mar 25 00:25:39 2008
+++ /new/policyd-weight Fri Mar 28 10:06:46 2008
@@ -23,9 +23,9 @@
# see http://spf.pobox.com/
#
# AUTHOR: [EMAIL PROTECTED]
-# DATE: Mon Mar 24 23:59:00 CET 2008
+# DATE: Fri Mar 28 10:08:42 CET 2008
# NAME: policyd-weight
-# VERSION: 0.1.14 beta-15
+# VERSION: 0.1.14 beta-16
# URL: http://www.policyd-weight.org/
@@ -78,7 +78,7 @@
use vars qw($csock $s $tcp_socket $sock $new_sock $old_mtime);
-our $VERSION = "0.1.14 beta-15";
+our $VERSION = "0.1.14 beta-16";
our $CVERSION = 5; # cache interface version
our $CMD_DEBUG = 0; # -d switch
our $KILL; # -k switch
@@ -3624,7 +3624,13 @@
my $who = shift;
for ( @_ )
{
- if( -l $_ )
+
+ # strip trailing '/'
+ # perl and test(1) ignore the request for -l/-L and
+ # do a lstat with S_IFDIR (added in 0.1.14 beta-16)
+ s/\/+$//;
+
+ if ( -l $_ )
{
fatal_exit("$who: $_ is a symbolic link. Symbolic links are not
expected and not allowed within policyd-weight. Exiting!");
}
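Review bot: the added `s/\/+$//;` modifies `$_`, which inside `for ( @_ )` is an alias for the caller's own argument, so every path passed to this check has its trailing slashes removed in the caller as well. Copying to a lexical first (`my $path = $_; $path =~ s/\/+$//;`) and testing `-l $path` would keep the change local to the check. The substitution also reduces an argument of "/" to the empty string, which is worth excluding explicitly, and the new blank line directly after `{` can be dropped.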
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
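
The trailing-slash behaviour shown in the strace output above, reproduced as an added shell example (not part of the original message or of policyd-weight). The function names and the temporary directory layout are constructed for illustration, and the hardened check goes slightly beyond the patch by leaving a bare "/" intact.

```shell
#!/bin/sh
# Added example; all names and paths here are constructed for illustration.

# Naive check: hands the path to test(1) unchanged. With a trailing '/',
# lstat() resolves a link-to-directory and reports S_IFDIR, so -L is false.
naive_is_symlink() {
    [ -L "$1" ]
}

# Hardened check: strip trailing slashes first so lstat() examines the
# link itself rather than the directory it points to.
strict_is_symlink() {
    _p=$1
    # Remove every trailing '/', but never reduce the path to "".
    while [ "${_p%/}" != "$_p" ] && [ -n "${_p%/}" ]; do
        _p=${_p%/}
    done
    [ -L "$_p" ]
}

# Build a symlink to a directory in a scratch area and compare both checks.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/target"
    ln -s "$work/target" "$work/link"
    for name in link link/ target/; do
        naive=no
        strict=no
        naive_is_symlink "$work/$name" && naive=yes
        strict_is_symlink "$work/$name" && strict=yes
        printf '%-8s naive=%s strict=%s\n' "$name" "$naive" "$strict"
    done
    rm -rf "$work"
}

demo
```

Like the `-l` test in the patch, both functions look only at the final path component; a symlink earlier in the path is not detected by either.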