On Mon, 07-02-2005 at 11:12 -0800, Chris Wright wrote:
> * Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
> > This patch adds two checks to do_follow_link() and sys_link(), to
> > prevent users from following (untrusted) symlinks owned by other users in
> > world-writable +t directories (i.e. /tmp), unless the owner of the
> > symlink is the owner of the directory; users will also not be able to
> > hardlink to files they do not own.
> >
> > The direct advantage of this pretty simple patch is that /tmp races will
> > be prevented.
>
> The disadvantage is that it can break things and places policy in the
> kernel.

It's just like DAC then, because it never applies any policy other than a simple check relying on the kernel's DAC, and standard capabilities & permissions. DAC-related checks are placed all over the place, but maybe the place is lacking some that may be important.

About what things it can break, I haven't noticed any issues with it (at least regarding grSecurity or OpenWall), but of course I would appreciate a lot any information on them, so I could report it to the developers that are currently using this in their own solutions.

Thanks in advance,
Cheers.
--
Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
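
The rule described in the quoted patch announcement, written out as a user-space C model. This is an added example, not code from the patch or from anyone in the thread; the function names, the error codes (-EACCES, -EPERM) and the sample uids are assumptions.

```c
#include <errno.h>
#include <stdio.h>

/* Permission bits as in a Unix mode word (hypothetical local names). */
#define MODE_STICKY 01000u   /* +t */
#define MODE_WOTH   00002u   /* world-writable */

/*
 * Symlink rule from the patch description: inside a world-writable +t
 * directory, a symlink may be followed only if it belongs to the caller
 * or to the owner of the directory. Returns 0 or -EACCES (assumed code).
 */
int may_follow_link(unsigned dir_mode, unsigned dir_uid,
                    unsigned link_uid, unsigned fsuid)
{
    int risky_dir = (dir_mode & MODE_STICKY) && (dir_mode & MODE_WOTH);

    if (!risky_dir)
        return 0;            /* rule applies only to /tmp-like directories */
    if (link_uid == fsuid)
        return 0;            /* caller created the link itself */
    if (link_uid == dir_uid)
        return 0;            /* link created by the directory owner */
    return -EACCES;          /* another user's link: refuse to follow */
}

/*
 * Hardlink rule from the patch description: a user may not create a
 * hardlink to a file they do not own. Returns 0 or -EPERM (assumed code).
 */
int may_hardlink(unsigned file_uid, unsigned fsuid)
{
    return file_uid == fsuid ? 0 : -EPERM;
}

int main(void)
{
    /* Constructed sample: /tmp is root:1777, users are uid 1000 and 1001. */
    printf("1000 follows link owned by 1001 in /tmp: %d\n",
           may_follow_link(01777, 0, 1001, 1000));
    printf("1000 follows own link in /tmp:           %d\n",
           may_follow_link(01777, 0, 1000, 1000));
    printf("1001 hardlinks a root-owned file:        %d\n",
           may_hardlink(0, 1001));
    return 0;
}
```

The first case is the /tmp race the announcement refers to: a process that opens a predictable name in /tmp no longer gets redirected through a link some other user created there first.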