[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Linux security
From:       Matthias Hoelzer-Kluepfel <mhk () caldera ! de>
Date:       2000-06-15 17:02:49
[Download RAW message or body]

On Thu, 15 Jun 2000, Waldo Bastian wrote:

> This would have prevented the earlier reported kdelibs vulnerability with 
> setuid applications. (It doesn't help us much, because we need to be secure 
> on non-Linux/older Linux platforms as well) From LWN:
> 
> "Symbolic link behavior has changed in recent kernels. If a symbolic link 
> points to a nonexistent file (a "broken link"), an attempt to create the file 
> via the symbolic name will now fail. In other words, 
> 
>                            ln -s no-such-file link
>                            touch link
> 
> will fail with a "no such file or directory" error with recent 2.4.0-test1 
> kernels. With old kernels, instead, no-such-file would be created. A few 
> applications have been broken by this change, leading to complaints."

That is very reasonable.

But for the kdelibs attacks, it would not have helped, as you
can also point the link to an existing file, and use the suid
application to overwrite or exchange it.


Bye,
Matthias.

[prev in list] [next in list] [prev in thread] [next in thread]