On Fri, Mar 28, 2008 at 09:40:24AM +0100, Robert Felber wrote:
> On Thu, Mar 27, 2008 at 11:52:17PM +0100, Andrej Kacian wrote:
> > On Tue, 25 Mar 2008 01:40:31 +0100
> > Robert Felber <[EMAIL PROTECTED]> wrote:
> > 
> > > the new version addresses the issue below. Policyd-weight does now exit
> > > if it detects symlinks on directories or sockets at startup or directory
> > > creation.
> > 
> > Hello Robert,
> > 
> > I'm afraid 0.1.14.15 doesn't fix the issue reported.
> > 
> > By symlinking /tmp/.policyd-weight to /root and starting policyd-weight, I
> > was still able to change ownership of /root directory to user
> > policyd-weight is configured to run as.
> 
> Thanks for reporting.
> 
> This is weird, and I am a little bit confused:
> 
> # perl -wle 'if(-l "/tmp/.policyd-weight"){ print "err" }'
> err
> 
> The question is now, why the same test in policyd-weight is
> not resulting in a true value.


strace of policyd-weight:
lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0

strace of command line perl:
lstat("/tmp/.policyd-weight", {st_mode=S_IFLNK|0700, st_size=18, ...}) = 0

strace of command line perl with trailing slash:
lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0


other test:

# if [ -L /tmp/.policyd-weight ]; then echo err; fi
err
# if [ -L /tmp/.policyd-weight/ ]; then echo err; fi
#

What the? If I want a check for -d then I'd say so.

I am a bit puzzled on how to handle this, and - who to blame.

However, I will strip trailing / as a workaround.



-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
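
The trailing-slash behaviour shown in the strace output above, as an added example that is not part of the original message and is not policyd-weight code. The function names strip_slashes, is_symlink and demo are hypothetical, and the sandbox directory is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a symlink test on "path/" resolves the link first, so the
# test sees the target directory. Stripping trailing slashes before the test
# makes it look at the final path component itself.

# strip_slashes PATH: print PATH without trailing "/" (a bare "/" stays "/").
strip_slashes() {
    p=$1
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do
        p=${p%/}
    done
    printf '%s\n' "$p"
}

# is_symlink PATH: succeed if the final component is a symlink,
# regardless of how many trailing slashes the caller supplied.
is_symlink() {
    [ -L "$(strip_slashes "$1")" ]
}

# demo: build a constructed sandbox (directory plus a symlink to it) and
# compare the naive test with the slash-stripping one.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/link"
    naive=no
    fixed=no
    if [ -L "$sandbox/link/" ]; then naive=yes; fi      # lstat("link/") -> S_IFDIR
    if is_symlink "$sandbox/link/"; then fixed=yes; fi  # lstat("link")  -> S_IFLNK
    rm -rf "$sandbox"
    printf 'naive=%s fixed=%s\n' "$naive" "$fixed"
}

demo
```

The check only closes the trailing-slash gap; it is still a separate step from the later ownership change, so the path can change in between.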
