Quoting Kees Cook (kees.cook@xxxxxxxxxxxxx): > A long-standing class of security issues is the symlink-based > time-of-check-time-of-use race, most commonly seen in world-writable > directories like /tmp. The common method of exploitation of this flaw > is to cross privilege boundaries when following a given symlink (i.e. a > root process follows a symlink belonging to another user). For a likely > incomplete list of hundreds of examples across the years, please see: > http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp That is quite a list :) > +int cap_inode_follow_link(struct dentry *dentry, > + struct nameidata *nameidata) > +{ > + const struct inode *parent = dentry->d_parent->d_inode; > + const struct inode *inode = dentry->d_inode; > + const struct cred *cred = current_cred(); > + > + if (weak_sticky_symlinks) > + return 0; > + > + if (S_ISLNK(inode->i_mode) && Q: is the S_ISLNK() check actually needed? In either case: Acked-by: Serge E. Hallyn <serue@xxxxxxxxxx> thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
