On Fri, Mar 28, 2008 at 09:40:24AM +0100, Robert Felber wrote: > On Thu, Mar 27, 2008 at 11:52:17PM +0100, Andrej Kacian wrote: > > On Tue, 25 Mar 2008 01:40:31 +0100 > > Robert Felber <[EMAIL PROTECTED]> wrote: > > > > > the new version addresses the issue below. Policyd-weight does now exit > > > if it > > > detects symlinks on directories or sockets at startup or directory > > > creation. > > > > Hello Robert, > > > > I'm afraid 0.1.14.15 doesn't fix the issue reported. > > > > By symlinking /tmp/.policyd-weight to /root and starting policyd-weight, I > > was > > still able to change ownership of /root directory to user policyd-weight is > > configured to run as. > > Thanks for reporting. > > This is weird, and I am a little bit confused: > > # perl -wle 'if(-l "/tmp/.policyd-weight"){ print "err" }' > err > > The question is now, why the same test in policyd-weight is > not resulting in a true value.
strace of policyd-weight: lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0 strace of command line perl: lstat("/tmp/.policyd-weight", {st_mode=S_IFLNK|0700, st_size=18, ...}) = 0 strace of command line perl with trailing slash: lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0 other test: # if [ -L /tmp/.policyd-weight ]; then echo err; fi err # if [ -L /tmp/.policyd-weight/ ]; then echo err; fi # What the? If I want a check for -d then I'd say so. I am a bit puzzled on how to handle this, and - who to blame. However, I will strip trailing / as a workaround. -- Robert Felber (PGP: 896CF30B) Munich, Germany ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/