funsec mailing list archives

Re: symlink creation (and sudo)


From: Damian Gerow <dgerow () afflictions org>
Date: Thu, 27 May 2010 14:24:41 -0400

der Mouse wrote:
: Probably not.  Symlinks don't point to files; they point to paths.  It
: is really very hard to do what you want here.  Consider:
: 
: % pwd
: /home/mouse
: % mkdir -p foo/bar
: % cd foo/bar
: % mkdir etc
: % echo hello > etc/passwd
: % mkdir -p home/mouse/king
: % ln -s ../../../etc/passwd home/mouse/king/bob
: 
: So far, everything has been totally sane: all my own files and
: directories, all perfectly reasonable.  But now:
: 
: % mv home/mouse/king ~
: 
: Suddenly the file the bob symlink - now accessible as king/bob from my
: homedir - points to is the real /etc/passwd.

Ah, I hadn't thought of that scenario.  Alright, I see what Valdis was
driving at (voodoo security and MAC) now.

Thanks!
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
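
The retargeting der Mouse describes, replayed under a scratch directory that stands in for /, as an added example that is not part of the original message. The function names and the sandbox layout are assumptions made for illustration; `escapes` is one way to flag a link whose target now falls outside a given directory.

```shell
#!/bin/sh
# Constructed sandbox: "$root" stands in for /, so no real system file is touched.

# Build the layout from the message under a scratch root.
build_tree() {
    root=$1
    mkdir -p "$root/etc" "$root/home/mouse/foo/bar/etc" \
             "$root/home/mouse/foo/bar/home/mouse/king"
    echo system > "$root/etc/passwd"                      # stand-in for the real file
    echo hello  > "$root/home/mouse/foo/bar/etc/passwd"   # the user's own file
    ln -s ../../../etc/passwd "$root/home/mouse/foo/bar/home/mouse/king/bob"
}

# Move king/ up into the (sandboxed) home directory, as in the message.
move_king() {
    mv "$1/home/mouse/foo/bar/home/mouse/king" "$1/home/mouse/"
}

# Physical directory holding a symlink's target, resolved from where the link
# sits now. The final path component is not followed.
target_dir() {
    link=$1
    ( cd "$(dirname "$link")" && cd "$(dirname "$(readlink "$link")")" && pwd -P )
}

# Succeeds (exit 0) when the link's target lies outside directory $2.
escapes() {
    base=$( cd "$2" && pwd -P ) || return 2
    dir=$( target_dir "$1" ) || return 2
    case "$dir/" in
        "$base"/*) return 1 ;;
        *)         return 0 ;;
    esac
}

main() {
    root=$(mktemp -d) || exit 1
    build_tree "$root"
    before=$root/home/mouse/foo/bar/home/mouse/king/bob
    echo "stored: $(readlink "$before")  reads: $(cat "$before")"
    move_king "$root"
    after=$root/home/mouse/king/bob
    echo "stored: $(readlink "$after")  reads: $(cat "$after")"
    escapes "$after" "$root/home/mouse" && echo "target is outside home/mouse"
    rm -rf "$root"
}
main
```

The stored link text is identical in both lines of output; only the file reached through it changes, which is why a check on the link's contents at creation time says nothing about where it resolves later.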

