Re: chflags/symlinks
From: Bruce Evans (bde@zeta.org.au)
Date: 03/22/01
Date: Thu, 22 Mar 2001 19:32:29 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: cjclark@alum.mit.edu
On Wed, 21 Mar 2001, Crist J. Clark wrote:
> On Tue, Mar 20, 2001 at 05:57:23AM -0600, J.A. Terranson wrote:
> > Problem: There is no way to secure (schg, etc) the link. I can
> > secure the files to which they point, but not the links
> > themselves. Theoretically, an attack can be launched by deleting the
> > symlinks and creating new ones, rather than altering the files directly
> > (as they are safe under securelevel 3).
> >
> > For us, the issue has been nightly cleanup routines killing the
> > symlinks, and thereby breaking *everything* :-(
> >
> > If there is something I have missed here, I would *love* to know...
I think lchflags(2) should exist someday. I first learned of this problem
in private followup of PR25018 (the followup was mostly about utilities not
yet actually using the new 'l' calls).
>
> You can schg the directory in which the symlinks are in. That of
> course may or may not be practical for you.
Bruce
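
An added example, not part of the original message: a Python audit of the workaround quoted above, listing symlinks whose containing directory does not carry schg (SF_IMMUTABLE in st_flags) and which can therefore still be deleted and re-created. The function names and the constructed directory tree are assumptions for illustration; st_flags is only reported on BSD-derived systems.

```python
import os
import stat
import tempfile


def dir_flags(path):
    """Return the BSD file flags of path, or 0 where the OS has no st_flags."""
    return getattr(os.lstat(path), "st_flags", 0)


def unprotected_symlinks(root, get_flags=dir_flags):
    """List symlinks under root whose parent directory is not schg.

    A symlink cannot be flagged itself here, so the only protection against
    unlink-and-recreate is the immutable flag on the directory holding it.
    """
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        locked = bool(get_flags(dirpath) & stat.SF_IMMUTABLE)
        # Links to directories show up in dirnames, all others in filenames.
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and not locked:
                exposed.append(full)
    return sorted(exposed)


def demo():
    """Constructed tree: 'locked' is treated as schg, 'open' is not."""
    root = tempfile.mkdtemp()
    for d in ("locked", "open"):
        os.mkdir(os.path.join(root, d))
        os.symlink("/etc/hosts", os.path.join(root, d, "link"))

    def fake_flags(path):
        # Stand-in for real st_flags so the example runs on any OS.
        return stat.SF_IMMUTABLE if os.path.basename(path) == "locked" else 0

    return [os.path.relpath(p, root) for p in unprotected_symlinks(root, fake_flags)]


if __name__ == "__main__":
    print(demo())
```

On a real system, call unprotected_symlinks() with the default get_flags against the directory tree that holds the links.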