On Tue, 2 Apr 2002 06:48, Crispin Cowan wrote:
> Russell Coker wrote:
> >On Tue, 2 Apr 2002 05:03, Chris Wright wrote:
> >>somehow i missed this. how does the sym-link handling break?
> >
> >Simple, I created a symlink under /tmp to /etc/passwd, then did "cat
> >/tmp/passwd" as another user and saw the contents of the password file.
> > Not what I wanted to happen.
>
> That is not what the OWLSM module is supposed to do. It has two
> protections:
>
>     * Hard links: processes may not make hard links to files they do not
>       have write access to
>     * Sym links: root processes may not follow symlinks that are not
>       owned by root
>
> Your test above does not violate these policies.

OK. I've just created a hard link from /etc/passwd to /tmp as a regular user,
then I created a symbolic link in /tmp pointing to /etc/passwd and when I
cat'd the link as root I saw /etc/passwd.

It doesn't seem to work at all. But I guess this is the SE Linux and OWLSM
stacking issue.

--
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
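
The two rules listed in the quoted reply, applied to the three tests described in this thread, as an added example that is not part of the original messages and is not the OWLSM module's code. The function names, uids and file modes are constructed assumptions, and the write check is a simplified owner/group/other model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed model of an inode: only the fields the two rules inspect. */
struct obj { uid_t owner; gid_t group; mode_t mode; };

/* Simplified write check (assumption: no ACLs; uid 0 overrides DAC). */
static bool may_write(uid_t uid, gid_t gid, const struct obj *f)
{
    if (uid == 0) return true;
    if (uid == f->owner) return (f->mode & S_IWUSR) != 0;
    if (gid == f->group) return (f->mode & S_IWGRP) != 0;
    return (f->mode & S_IWOTH) != 0;
}

/* Rule 1: a process may not hard-link a file it has no write access to. */
bool model_may_link(uid_t uid, gid_t gid, const struct obj *target)
{
    return may_write(uid, gid, target);
}

/* Rule 2: a root process may not follow a symlink that root does not own.
 * Non-root processes are not restricted by this rule. */
bool model_may_follow(uid_t uid, const struct obj *sym)
{
    return uid != 0 || sym->owner == 0;
}

/* Constructed sample objects: /etc/passwd as root:root 0644, and a symlink
 * in /tmp created by an unprivileged user (uid 1000). */
static const struct obj etc_passwd = { 0, 0, 0644 };
static const struct obj tmp_symlink = { 1000, 1000, 0777 };

int main(void)
{
    /* First test in the thread: another non-root user reads via the symlink. */
    printf("uid 1001 follows user symlink: %s\n",
           model_may_follow(1001, &tmp_symlink) ? "allowed" : "denied");
    /* Second test: a regular user hard-links /etc/passwd into /tmp. */
    printf("uid 1000 hard-links /etc/passwd: %s\n",
           model_may_link(1000, 1000, &etc_passwd) ? "allowed" : "denied");
    /* Third test: root follows the user-owned symlink. */
    printf("root follows user symlink: %s\n",
           model_may_follow(0, &tmp_symlink) ? "allowed" : "denied");
    return 0;
}
```

Under the rules as stated, only the first test is allowed; the second and third are the cases the reply reports as succeeding.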