Bugtraq mailing list archives
Re: Fix for ssh-1.2.27 symlink/bind problem
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Wed, 6 Oct 1999 11:06:07 +0200
It has always been my understanding of UNIX sockets that they need not appear in the filesystem at all; whether inodes and directory entries are allocated for them is an implementation detail. The only guarantee is that if one process is listen()ing on a socket, and another process connect()s to a socket with the same path, they will be talking to each other.
Yes, that's in the 4.2 BSD manuals.
If this is not the desired behavior, at least a mechanism needs to be provided which can instruct the kernel not to follow symlinks (like the O_EXCL or O_NOFOLLOW flags passed to open(2) on BSD or Linux) when binding to a UNIX domain socket.
It would be interesting to make a comparison between the various flavours of Unix and the various system calls that create non files to see whether they follow symlinks or not. On Solaris, only open(O_CREAT) (w/o O_EXCL) and creat() do so; the following do not follow symbolic links as the last component of the pathname: mknod (making pipes or devices) mkdir bind (others?) (doors are created as files followed by fattach, so the user has control) Casper
Current thread:
- Re: Fix for ssh-1.2.27 symlink/bind problem Scott Gifford (Oct 04)
- <Possible follow-ups>
- Re: Fix for ssh-1.2.27 symlink/bind problem Scott Gifford (Oct 04)
- SCO UnixWare 7.1 local root exploit Brock Tellier (Oct 05)
- Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik (Oct 06)
- Re: Fix for ssh-1.2.27 symlink/bind problem Phillip Vandry (Oct 06)
- Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 06)
- Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 25)
- Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 25)
- Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 26)
- Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 27)
- ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability Luciano Martins (Jul 29)
- Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer Luciano Martins (Jul 29)
- AW: Mac OS 9 Idle Lock Bug Flothow, Sebastian (Oct 29)
- Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik (Oct 29)