Re: [Fwd: Truth about ssh 1.2.27 vulnerability]

From: Sylvain Robitaille (sylat_private)
Date: Mon Oct 04 1999 - 09:36:59 PDT


    Chris Keane wrote:
    
    > Surely this still isn't ideal, though?  It now won't overwrite root-owned
    > files, so the security hazard isn't there, but anyone on the system can
    > still fool a user into overwriting one of his own files, which is not
    > great.
    
    No. The code in newchannels.c checks to make sure that the directory
    where the socket is about to be created is owned by the user, and
    readable/writable only to this user. A user could create a symbolic
    link that points to some file in a directory they already have write
    permission to, but that's no big feat. (Existing files aren't
    overwritten by bind() either, even when symlinks are followed. If the
    symlink target exists, bind() returns "address in use". At least that's
    the case on Digital Unix.)
    
    Jeff's patch implements an approach that Dan Astoorian suggested to me
    off the list, and we both agree it is a reasonable approach.
    
    --
    ----------------------------------------------------------------------
    Sylvain Robitaille                              sylat_private
    
    Systems Manager                                   Concordia University
    Instructional & Information Technology        Montreal, Quebec, Canada
    ----------------------------------------------------------------------
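
The two checks described in the message above, as an added example that is not part of the original post and not code from ssh's newchannels.c: a directory ownership/permission test, and a bind() attempt on a path where a symlink to an existing file has been planted. The helper names, the scratch directory under /tmp and the file names are assumptions made for this sketch.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
/* Hypothetical helper: 1 if dir is a real directory owned by uid with no group/other access. */
int dir_is_private(const char *dir, uid_t uid) {
    struct stat st;
    if (lstat(dir, &st) != 0) return 0;   /* lstat: a symlinked directory is rejected */
    return S_ISDIR(st.st_mode) && st.st_uid == uid && (st.st_mode & 077) == 0;
}
/* Hypothetical helper: bind a Unix-domain socket at path; returns 0 or bind()'s errno. */
int try_bind(const char *path) {
    struct sockaddr_un sa;
    int fd, err = 0;
    if (strlen(path) >= sizeof sa.sun_path) return ENAMETOOLONG;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return errno;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) err = errno;
    close(fd);
    return err;
}
/* Constructed scenario in a scratch directory; returns 0 if every expectation holds. */
int demo(void) {
    char dir[] = "/tmp/sockdemoXXXXXX", victim[64], lnk[64];
    struct stat st; FILE *f;
    if (!mkdtemp(dir)) return 1;                    /* created mode 0700, owned by us */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/sock", dir);
    if (!(f = fopen(victim, "w"))) return 2;
    fputs("data", f); fclose(f);
    if (symlink(victim, lnk) != 0) return 3;        /* symlink sitting at the socket path */
    if (!dir_is_private(dir, geteuid())) return 4;  /* 0700 and ours: accepted */
    if (try_bind(lnk) != EADDRINUSE) return 5;      /* path already exists: bind refuses */
    if (stat(victim, &st) != 0 || st.st_size != 4) return 6;  /* target file untouched */
    chmod(dir, 0755);
    if (dir_is_private(dir, geteuid())) return 7;   /* group/other bits set: rejected */
    unlink(lnk); unlink(victim); rmdir(dir);
    return 0;
}
int main(void) { printf("demo() = %d\n", demo()); return 0; }
```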
    


