* Christoph Anton Mitterer (calestyo@xxxxxxxxxxxx) wrote: > > That said, an ownership check that prevents, among other things, root > > from accidentally falling through a wormhole wouldn't be bad. Attached > > patch against 6.7p1 should do. > > Wouldn't it be the enough to simply check whether > - the socket is owned by the same user > - has mode 600 > - and directory permissions are such, that another user couldn't have > changed this (thinking of ACLs for that) Should there be a hard-link count check also..? Haven't really thought it all the way through, but that's a common thing to check also.. Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev