[Mono-bugs] [Bug 77340][Maj] Changed - Local user can overwrite arbitrary file using mono-service

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Thu Nov 16 10:42:42 EST 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by pawel.sakowski at mindbreeze.com.


--- shadow/77340	2006-08-30 06:13:20.000000000 -0400
+++ shadow/77340.tmp.8361	2006-11-16 10:42:42.000000000 -0500
@@ -104,6 +104,18 @@
 shell script because it could not be easily done in C#. As someone
 with not much shell scripting experience I don't know what you mean
 with "The
 shell script is a total hack. It's unsupportable and should not ship
 in its current state." Do you have any suggestions for improvement of
 this script?
+------- Additional Comments From pawel.sakowski at mindbreeze.com  2006-11-16 10:42 -------
+Regarding O_NOFOLLOW:
+I don't think it's enough for a solution. If you drop the "-s" from
+"ln -s /etc/shadow /tmp/foo.exe.lock" (that is, create a hardlink),
+non-root is still permitted to create such a link, and I can't imagine
+that O_NOFOLLOW can prevent opening such a file.
+Go ahead and try your solution out using "Steps to reproduce the
+problem" (with and without -s). They're 100% reproducible, so you will
+know instantly what works and what does not.

More information about the mono-bugs mailing list