Re: don't casually do things in /tmp directly (was: Strange issue)

Neven Sajko wrote:
> I used makepkg to build a package from /tmp. The package was then put
> in the designated directory and a symlink to pwd. When I try to install
> it with pacman -U /tmp/symlink-to-package, I get an error (permission
> denied) which I don't get when invoking pacman -U directly with the
> name of the file (not with the symbolic link). See, like this:
> 
> [root@lnv64 tmp]# pacman -U /tmp/lomoco-1.0-9-x86_64.pkg.tar
> loading packages...
> error: '/tmp/lomoco-1.0-9-x86_64.pkg.tar': permission denied
[...]
> So from this line:
> access("/tmp/lomoco-1.0-9-x86_64.pkg.tar", R_OK) = -1 EACCES (Permission denied)
> we see that the kernel call access() reports that root doesn't have
> read access to a 777-permissible file?!
> Maybe it matters that it's on tmpfs and/or a symlink?

This is probably due to the fs.protected_symlinks sysctl being turned on,
which I believe it is by default in Arch.  Most symlinks in world-writable
sticky directories (like /tmp) are not followed except by processes running
as the user that created them.  This is to prevent common attacks where a
privileged process tries to access what it thinks is not a symlink, but
another process manages to insert a symlink to an unrelated file so that
the privileged process performs the wrong access.

It's not a good idea to build things directly in /tmp like that anyway, for
more or less that reason.  Creating a subdirectory of /tmp for each new
"action" that needs temporary files is a better approach.

   ---> Drake Wilson
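The rule Drake describes is the kernel's may_follow_link() check behind fs.protected_symlinks. The Python below is an added example (not code from this thread) that models that rule and applies it to the scenario in the quoted strace line: root (fsuid 0) following a symlink that a regular user created in /tmp (sticky, world-writable, owned by root); the uid 1000 and the constructed mode values are assumptions for illustration.

```python
import os
import stat
from typing import Optional

# Model of the Linux fs.protected_symlinks rule (fs/namei.c, may_follow_link).
# Added example, not code from the original post.

def may_follow_link(link_uid: int, parent_mode: int, parent_uid: int,
                    fsuid: int, protected_symlinks: int = 1) -> bool:
    """True if a process with fsuid may follow the symlink.

    link_uid    owner of the symlink inode itself (lstat, not stat)
    parent_mode st_mode of the directory containing the symlink
    parent_uid  owner of that directory
    """
    if not protected_symlinks:
        return True                      # sysctl off: legacy behaviour
    if link_uid == fsuid:
        return True                      # follower owns the link
    sticky_ww = stat.S_ISVTX | stat.S_IWOTH
    if (parent_mode & sticky_ww) != sticky_ww:
        return True                      # not a sticky, world-writable dir
    if parent_uid == link_uid:
        return True                      # link owner == directory owner
    return False                         # EACCES, as in the strace output


def may_follow_path(path: str, fsuid: Optional[int] = None,
                    protected_symlinks: Optional[int] = None) -> bool:
    """Apply the same rule to a real symlink on this machine."""
    if fsuid is None:
        fsuid = os.geteuid()
    if protected_symlinks is None:
        try:
            with open("/proc/sys/fs/protected_symlinks") as f:
                protected_symlinks = int(f.read().strip())
        except OSError:
            protected_symlinks = 0       # sysctl absent: treat as off
    link = os.lstat(path)
    if not stat.S_ISLNK(link.st_mode):
        return True                      # not a symlink, nothing to refuse
    parent = os.stat(os.path.dirname(os.path.abspath(path)) or "/")
    return may_follow_link(link.st_uid, parent.st_mode, parent.st_uid,
                           fsuid, protected_symlinks)


if __name__ == "__main__":
    TMP_MODE = 0o41777   # constructed: /tmp as drwxrwxrwt, owned by root
    # root following uid 1000's link in /tmp -> False (EACCES)
    print(may_follow_link(1000, TMP_MODE, 0, 0))
    # same link inside the user's private 0700 subdirectory -> True
    print(may_follow_link(1000, 0o40700, 1000, 0))
```

The second case is the "subdirectory of /tmp per action" approach from the reply: a 0700 directory (such as mkdtemp creates) is neither sticky nor world-writable, so the restriction does not apply.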
