Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Linux 2.1.125 doesn't dump core on SIGSEGV

1 view
Skip to first unread message

Chris Wedgwood

unread,
Nov 10, 1998, 3:00:00 AM11/10/98
to
On Wed, Oct 21, 1998 at 07:39:26AM -0700, Eastep, Tom wrote:

> In the last Unix-like file system implementation I worked on, we
> specifically prevented open(.., O_CREAT...) from following trailing
> symlinks (In fact, none of the system calls that create a file
> follow trailing links - mknod(), mkdir(), symlink(), bind() on
> AF_UNIX socket, etc.).

Right now, we don't follow links for O_CREAT|O_EXCL, although now
that O_NOFOLLOW is available, we could arguably allow this and just
force userspace to use it.

> They rather generate an EEXIST error if there exists a symbolic
> link with the passed name. With this approach, exploits of the type
> this thread has been discussing can't occur.

Initially I chose EACES but later changed it to ELOOP to be
consistent with FreeBSD if for no other reason (it is somewhat more
logical too). This is presently the state of 2.1.127.

-cw

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Tom Eastep

unread,
Nov 11, 1998, 3:00:00 AM11/11/98
to
Chris Wedgwood wrote:
>
> Right now, we don't follow links for O_CREAT|O_EXCL,

That's what we did as well...

> although now
> that O_NOFOLLOW is available, we could arguably allow this and just
> force userspace to use it.

Yes -- I like that idea but I suspect people are depending on the current
behavior...

>
> Initially I chose EACES but later changed it to ELOOP to be
> consistent with FreeBSD if for no other reason (it is somewhat more
> logical too). This is presently the state of 2.1.127.

I found no guidence from the standards so chose EEXIST because that's what gets
returned if any other type of file with the supplied name exists. OTOH, ELOOP at
does clue the caller that there's a symbolic link involved.

Tom
--
Tom Eastep
COMPAQ Computer Corporation
Enterprise Computing Group
Tandem Division
tom.e...@compaq.com

Alan Cox

unread,
Nov 11, 1998, 3:00:00 AM11/11/98
to
> > that O_NOFOLLOW is available, we could arguably allow this and just
> > force userspace to use it.
>
> Yes -- I like that idea but I suspect people are depending on the current
> behavior...

Quite a few binaries from 2.0 go insecure if you change policy on them

Chris Wedgwood

unread,
Nov 11, 1998, 3:00:00 AM11/11/98
to
On Wed, Nov 11, 1998 at 01:10:41AM +0000, Alan Cox wrote:

> > Yes -- I like that idea but I suspect people are depending on the
> > current behavior...
>
> Quite a few binaries from 2.0 go insecure if you change policy on
> them

Cool... ltes break it in 2.3.x then, perhaps with a prinkt for a bit
to catch the apps. that will break.

Breakage is good.

-cw

0 new messages