Symbolic Links VS. Security

Steve Glaser steveg at hammer.UUCP
Tue Nov 20 20:08:16 AEST 1984


Symbolic links are not a security hole to "normal" users.  There is no
bypassing of normal kernel level protection checks for the directories
traversed along a pathname or for the file eventually pointed to.

The only kind of programs that can have trouble are those that try to
build restricted environments (restricted shell for instance).  Even
there, the hole is not in the normal unix protection checks, but rather
that the program implementing the restricted environment is not
sufficiently restricted.  That is certainly an issue, but it is an
incompatibility issue that MAY introduce security problems into existing
restricted environments, not a security hole in the kernel protections.

Summary:

If I "chmod 700 dir" there is no NEW way that anyone other than me (or
root) can get into dir.   (where NEW means introduced by 4.2 BSD).

		Steve Glaser
		tektronix!steveg
		steveg.tektronix at csnet-relay
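
The following is an added example, not part of the original post. It shows the "not sufficiently restricted" case the message describes: a restricting program that checks pathnames as strings accepts a symbolic link that leads outside its tree, while one that resolves links before comparing does not. The directory names, file names and function names are all constructed for the illustration.

```python
import os
import tempfile


def naive_allowed(root, requested):
    """Lexical check only: tidy the string, never consult the filesystem."""
    full = os.path.normpath(os.path.join(root, requested))
    return full == root or full.startswith(root + os.sep)


def resolved_allowed(root, requested):
    """Resolve symbolic links first, then compare against the resolved root."""
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(root, requested))
    return os.path.commonpath([real_root, real]) == real_root


def demo():
    """Build a constructed tree with one link pointing outside, run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "restricted")      # constructed sample tree
        outside = os.path.join(tmp, "outside")
        os.mkdir(root)
        os.mkdir(outside)
        for path in (os.path.join(root, "notes.txt"),
                     os.path.join(outside, "data.txt")):
            with open(path, "w") as handle:
                handle.write("sample\n")
        # A link inside the restricted tree whose target lies outside it.
        os.symlink(outside, os.path.join(root, "link"))

        results = {}
        for name in ("notes.txt", "link/data.txt", "../outside/data.txt"):
            results[name] = (naive_allowed(root, name),
                             resolved_allowed(root, name))
        return results


if __name__ == "__main__":
    for name, (naive, resolved) in demo().items():
        print(f"{name:22} naive={naive!s:5} resolved={resolved}")
```

In both cases the kernel applies its ordinary permission checks to the link's target; the only thing that differs is what the restricting program itself decides to allow. The resolved check is still made before the file is opened, so it holds only while the links under the tree do not change in between.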



More information about the Comp.bugs.4bsd.ucb-fixes mailing list