[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Re: who owns what

From: Philip Webb
Subject: Re: lynx-dev Re: who owns what
Date: Sat, 10 Oct 1998 11:57:34 -0400 (EDT)

981010 Larry Virden wrote: 
> $ id
> uid=203(lwv26) gid=288(dept26)
> $ ls -l /tmp/not-there /tmp/l-not-there
> ls: /tmp/not-there: No such file or directory
> ls: /tmp/l-not-there: No such file or directory
> $ ln -s /tmp/not-there /tmp/l-not-there
> $ ls -l /tmp/not-there /tmp/l-not-there
> ls: /tmp/not-there: No such file or directory
> lrwxrwxrwx   1 lwv26    dept26         14 Oct 10 09:59 /tmp/l-not-there -> 
> /tmp/not-there
> $ ls -l /etc/passwd
> -rw-r--r--   1 root     sys           501 Oct 10 01:43 /etc/passwd
> ls: /tmp/l-passwd: No such file or directory
> $ ln -s /etc/passwd /tmp/l-passwd
> $ ls -l /etc/passwd /tmp/l-passwd
> -rw-r--r--   1 root     sys           501 Oct 10 01:43 /etc/passwd
> lrwxrwxrwx   1 lwv26    dept26         11 Oct 10 10:00 /tmp/l-passwd -> 
> /etc/passwd
> Bela is saying nothing but the truth
> with regard to BSD and System V.4 based systems with symlinks.
your commands & output reproduce here at CHASS, except the last  2  lines,
where the permissions are  -r--r--r--  &  lrwx------ ;
of course, they say  `purslow user' a/a `lwv26 dept26';
i can also link to a non-existent file in a colleague's home directory
(the system refuses to delete any item not under my home directory,
but i assume it will zap the  2  /tmp  files soon enough ... ).

i did not doubt BL's word re what you may be able to do with symlinks,
but it's not clear the security problem he describes could occur at CHASS.

suppose i have a file  /homes/purslow/vital
& Enemy creates a symlink to it called  /tmp/dagger :
on CHASS the latter will have the permission  lrwx------ ,
ie only Enemy can (over)write  /tmp/dagger -> /homes/purslow/vital ,
but no-one else, incl me running Lynx.
further, Enemy's write permission for  /tmp/dagger  can't allow him
to overwrite just ANY file out there he chooses to link it to:
it's a danger ONLY if he can delude ME into doing it for him,
eg by running a suitable version of Lynx (or some other program),
but here on CHASS, that's impossible, since the system will choke
when Lynx asks it to allow me to write Enemy's  /tmp/dagger :
"You don't got permission, see:  lrwx------ ".

so no sir, i don't need your E-Wiz(TM) super-excluder force field,
i already have a perfectly good steel door with a deadlock ...

SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto

reply via email to

[Prev in Thread] Current Thread [Next in Thread]