Re: Linux kernel filesystem oddities

From: Jeffrey Hutzelman (jhutz+@cmu.edu)
Date: Thu Jul 09 1998 - 12:56:59 PDT

Next message: Tiago Luz Pinto: "Re: ePerl: bad handling of ISINDEX queries"

Previous message: Solar Designer: "Re: Forwared to me"
Maybe in reply to: Michal Zalewski: "Linux kernel filesystem oddities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Owners are stored in i-nodes. Directory entries are nothing but
> (filename, i-node number) pairs.
>
> link("publicly-visible-file", "world-writable-directory/blah")
>                 is as anonymous as
> write(open("/world-writable-file", O_WRONLY), "blah", 4)

True.  However, one might argue that the former should fail with
EPERM, unless you happen to own "publicly-visible-file".  In fact,
I thought I saw a patch go through here a while back that did exactly
that, if "world-writable-directory" was also sticky.

In general, publicly-writable directories are a bad thing.  They are
the cause (or at least part of the cause) of numerous vulnerabilites,
most much worse than the DoS attack described here.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

Next message: Tiago Luz Pinto: "Re: ePerl: bad handling of ISINDEX queries"
Previous message: Solar Designer: "Re: Forwared to me"
Maybe in reply to: Michal Zalewski: "Linux kernel filesystem oddities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:02 PDT