On Fri, Mar 28, 2008 at 09:50:45AM +0100, Robert Felber wrote:
> On Fri, Mar 28, 2008 at 09:40:24AM +0100, Robert Felber wrote:
> > On Thu, Mar 27, 2008 at 11:52:17PM +0100, Andrej Kacian wrote:
> > > On Tue, 25 Mar 2008 01:40:31 +0100
> > > Robert Felber <[EMAIL PROTECTED]> wrote:
> > >
> > > > the new version addresses the issue below. Policyd-weight does now exit if it
> > > > detects symlinks on directories or sockets at startup or directory creation.
> > >
> > > Hello Robert,
> > >
> > > I'm afraid 0.1.14.15 doesn't fix the issue reported.
> > >
> > > By symlinking /tmp/.policyd-weight to /root and starting policyd-weight, I was
> > > still able to change ownership of /root directory to user policyd-weight is
> > > configured to run as.
> >
> > Thanks for reporting.
> >
> > This is weird, and I am a little bit confused:
> >
> > # perl -wle 'if(-l "/tmp/.policyd-weight"){ print "err" }'
> > err
> >
> > The question is now, why the same test in policyd-weight is
> > not resulting in a true value.
>
>
> strace of policyd-weight:
> lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0
>
> strace of command line perl:
> lstat("/tmp/.policyd-weight", {st_mode=S_IFLNK|0700, st_size=18, ...}) = 0
>
> strace of command line perl with trailing slash:
> lstat("/tmp/.policyd-weight/", {st_mode=S_IFDIR|0700, st_size=512, ...}) = 0
>
>
> other test:
>
> # if [ -L /tmp/.policyd-weight ]; then echo err; fi
> err
> # if [ -L /tmp/.policyd-weight/ ]; then echo err; fi
> #
>
> What the? If I want a check for -d then I'd say so.
>
> I am a bit puzzled on how to handle this, and - who to blame.
>
> However, I will strip trailing / as a workaround.

I'll update the releases today. Patch below: --- /old/policyd-weight Tue Mar 25 00:25:39 2008 +++ /new/policyd-weight Fri Mar 28 10:06:46 2008 @@ -23,9 +23,9 @@ # see http://spf.pobox.com/ # # AUTHOR: [EMAIL PROTECTED] -# DATE: Mon Mar 24 23:59:00 CET 2008 +# DATE: Fri Mar 28 10:08:42 CET 2008 # NAME: policyd-weight -# VERSION: 0.1.14 beta-15 +# VERSION: 0.1.14 beta-16 # URL: http://www.policyd-weight.org/ @@ -78,7 +78,7 @@ use vars qw($csock $s $tcp_socket $sock $new_sock $old_mtime); -our $VERSION = "0.1.14 beta-15"; +our $VERSION = "0.1.14 beta-16"; our $CVERSION = 5; # cache interface version our $CMD_DEBUG = 0; # -d switch our $KILL; # -k switch @@ -3624,7 +3624,13 @@ my $who = shift; for ( @_ ) { - if( -l $_ ) + + # strip trailing '/' + # perl and test(1) ignore the request for -l/-L and + # do a lstat with S_IFDIR (added in 0.1.14 beta-16) + s/\/+$//; + + if ( -l $_ ) { fatal_exit("$who: $_ is a symbolic link. Symbolic links are not expected and not allowed within policyd-weight. Exiting!"); } -- Robert Felber (PGP: 896CF30B) Munich, Germany ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/
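
Review bot: In the last hunk (@@ -3624,7 +3624,13 @@) the substitution "s/\/+$//;" runs on $_ inside "for ( @_ )", where $_ aliases the caller's arguments, so it rewrites the caller's path variables in place and dies with "Modification of a read-only value attempted" if a literal string is ever passed. It also turns a bare "/" into the empty string. Working on a copy avoids both, for example "(my $p = $_) =~ s{(?<=.)/+$}{};" followed by "if ( -l $p )". The new comment says perl and test(1) ignore the request for -l/-L, but the strace output quoted earlier in the thread shows lstat() being called in both cases; the S_IFDIR result comes from the trailing slash in the path handed to lstat(), so the comment would be more accurate if it said that.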
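
The trailing-slash behaviour discussed in this thread, as an added example that is not part of the original mail or of policyd-weight. It goes one step beyond the patch by also opening the directory with O_NOFOLLOW, so the check and a later fchown() refer to the same object; the temp-dir names "target" and "spool" are constructed stand-ins for /root and /tmp/.policyd-weight.

```python
import os
import stat
import tempfile

def lstat_kind(path):
    """Return 'symlink', 'dir' or 'other' for what lstat() reports on path."""
    mode = os.lstat(path).st_mode
    if stat.S_ISLNK(mode):
        return "symlink"
    return "dir" if stat.S_ISDIR(mode) else "other"

def is_symlink(path):
    """Symlink test that is not defeated by trailing slashes."""
    stripped = path.rstrip("/") or "/"  # keep "/" itself intact
    return os.path.islink(stripped)

def open_real_dir(path):
    # O_NOFOLLOW makes the kernel refuse a symlink as the last component;
    # the descriptor can then be handed to os.fstat()/os.fchown().
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    return os.open(path.rstrip("/") or "/", flags)

def demo():
    """Build a constructed layout in a temp dir and return what was seen."""
    with tempfile.TemporaryDirectory() as base:
        target = os.path.join(base, "target")  # stands in for /root
        link = os.path.join(base, "spool")     # stands in for /tmp/.policyd-weight
        os.mkdir(target)
        os.symlink(target, link)
        seen = {
            "lstat_plain": lstat_kind(link),        # the link itself
            "lstat_slash": lstat_kind(link + "/"),  # resolved to the directory
            "check_slash": is_symlink(link + "/"),  # still caught after stripping
        }
        try:
            os.close(open_real_dir(link + "/"))
            seen["open_refused"] = False
        except OSError:
            seen["open_refused"] = True
        fd = open_real_dir(target + "/")
        seen["real_dir_ok"] = stat.S_ISDIR(os.fstat(fd).st_mode)
        os.close(fd)
        return seen

if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only covers the final path component; a symlink in a parent directory is still followed.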