On Tue, Jun 01, 2010 at 02:07:34PM -0700, Kees Cook wrote: > > I don't buy it. If we are concerned about the symlinks in the middle of > > pathname, your checks are useless (mkdir /tmp/a, ln -s whatever /tmp/a/b, > > have victim open /tmp/a/b/something). If we are not, then your checks are > > in the wrong place. > > Well, that's not traditionally where the problems happen, but I have no > problem strengthening the protection to include a full examination of the > entire path looking for sticky/world-writable directories. > > If not, what is the right place for the checks? Handling of trailing symlink on open(). At most. And I wouldn't be surprised if the real answer turns out to include "... if we have O_CREAT in flags", but that needs to be determined. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
