Bugtraq mailing list archives

nosymfollow Re: SSH allows deletion of other users files...

From: Jan Grant <Jan.Grant () bristol ac uk>
Date: Wed, 6 Jun 2001 09:51:10 +0100 (BST)

On Mon, 4 Jun 2001, zen-parse wrote:

 [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9


For a long time now I've been mounting /tmp with the "nosymfollow"
option (FreeBSD) - nothing seems to be broken by this, apart from a
whole slew of these kinds of bugs :-)

Apologies for pointing out the obvious; this mount option seems really
useful.

jan (expecting a flood of "but it breaks this" mail now)

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant () bris ac uk
YKYBPTMRogueW... you try to move diagonally in vi.

Current thread:

Re: SSH allows deletion of other users files..., (continued)
- - Re: SSH allows deletion of other users files... Markus Friedl (Jun 05)
  - Re: SSH allows deletion of other users files... aleph1 (Jun 05)
- Re: SSH allows deletion of other users files... David F. Skoll (Jun 04)
  - Re: SSH allows deletion of other users files... sarnold (Jun 05)
    - Re: SSH allows deletion of other users files... Markus Friedl (Jun 04)
    - Re: SSH / X11 auth: needless complexity -> security problems? Peter W (Jun 05)
    - Re: SSH / X11 auth: needless complexity -> security problems? Markus Friedl (Jun 08)
    - Re: SSH / X11 auth: needless complexity -> security problems? Theo de Raadt (Jun 10)
    - Message not available
    - Message not available
    - Re: SSH / X11 auth: needless complexity -> security problems? Dale Southard (Jun 08)
    - Re: SSH / X11 auth: needless complexity -> security problems? Casper Dik (Jun 10)
- nosymfollow Re: SSH allows deletion of other users files... Jan Grant (Jun 08)