Hello,

policyd-weight still did not check the working directory correctly.

1st: I assumed [ -L /foo/bar ] is the same as [ -L /foo/bar/ ]
because the -L tells the file test what to look for. But in the
latter form it is checked with S_IFDIR.
We normalize the path with File::Spec->canonpath as s,/+$,, is
not sufficient.

2nd: policyd-weight didn't check the ownership of real directories,
which might have resulted in a race attack. Policyd-weight gets
the stat/lstat once and reuses that information in order to
provide some sort of atomicity of the check_symlnk() sub-routine.

MD5 (policyd-weight) = 68373b7cfeda52b78df6229ed658771e
SHA256 (policyd-weight) = 4245495685e516e00a363a97aaa17456f48c51fcbdb4458989a9d68db64083bc
MD5 (policyd-weight-0.1.14.17.tar.gz) = c90128d2442ba343e8127dc0dbdcfd9a
SHA256 (policyd-weight-0.1.14.17.tar.gz) = c13bac397cbd8c018b41686da4e4ce9450fb045752d7f0ab518d9836b39dbf36

--
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
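
The two points in the message above, as an added Perl example that is not part of the original mail and is not policyd-weight's own code: a trailing slash makes a symlink test resolve the link, and every decision about the directory is taken from one lstat() result after File::Spec->canonpath. The helper name check_workdir and the temporary paths are hypothetical; the behaviour shown for the trailing slash is that of POSIX systems such as Linux.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Fcntl qw(:mode);

# Hypothetical helper, not policyd-weight's check_symlnk():
# validate a working directory from a single lstat() call.
sub check_workdir {
    my ($path, $want_uid) = @_;

    # canonpath strips trailing and duplicate slashes, so lstat()
    # examines the final path component itself, not a link target.
    my $canon = File::Spec->canonpath($path);

    # One lstat(); type and owner are both read from this result,
    # so the path cannot be swapped between the individual checks.
    my @st = lstat($canon) or return "missing";
    my ($mode, $uid) = @st[2, 4];

    return "symlink"         if S_ISLNK($mode);
    return "not a directory" unless S_ISDIR($mode);
    return "wrong owner"     if $uid != $want_uid;
    return "ok";
}

# Constructed sample layout: a real directory and a symlink to it.
my $base = tempdir(CLEANUP => 1);
my ($real, $link) = ("$base/real", "$base/link");
mkdir $real, 0700    or die "mkdir: $!";
symlink $real, $link or die "symlink: $!";

for my $p ($real, $link, "$link/", "$link//") {
    # Naive test on the raw path: with a trailing slash the kernel
    # resolves the link first, so -l no longer reports a symlink.
    my $naive = (-l $p) ? "symlink" : "not a symlink";
    printf "%-12s naive -l: %-14s check_workdir: %s\n",
        substr($p, length $base), $naive, check_workdir($p, $>);
}

# Ownership is checked on real directories too ($> is the effective UID).
printf "%-12s expected uid %d: %s\n",
    "/real", $> + 1, check_workdir($real, $> + 1);
```

The naive test reports "not a symlink" for the two trailing-slash forms, while check_workdir reports "symlink" for all three spellings of the link.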