[Mono-bugs] [Bug 77340][Maj] Changed - Local user can overwrite arbitrary file using mono-service
bugzilla-daemon at bugzilla.ximian.com
Thu Nov 16 10:42:42 EST 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by pawel.sakowski at mindbreeze.com.
http://bugzilla.ximian.com/show_bug.cgi?id=77340
--- shadow/77340 2006-08-30 06:13:20.000000000 -0400
+++ shadow/77340.tmp.8361 2006-11-16 10:42:42.000000000 -0500
@@ -104,6 +104,18 @@
shell script because it could not be easily done in C#. As someone
with not much shell scripting experience I don't know what you mean
with "The
shell script is a total hack. It's unsupportable and should not ship
in its current state." Do you have any suggestions for improvement of
this script?
+
+------- Additional Comments From pawel.sakowski at mindbreeze.com 2006-11-16 10:42 -------
+Regarding O_NOFOLLOW:
+
+I don't think it's enough for a solution. If you drop the "-s" from
+"ln -s /etc/shadow /tmp/foo.exe.lock" (that is, create a hardlink),
+non-root is still permitted to create such a link, and I can't imagine
+that O_NOFOLLOW can prevent opening such a file.
+
+Go ahead and try your solution out using "Steps to reproduce the
+problem" (with and without -s). They're 100% reproducible, so you will
+know instantly what works and what does not.
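
Review bot: The hard-link paragraph (the lines from "If you drop the "-s"" onward) rests on "I can't imagine that O_NOFOLLOW can prevent opening such a file" rather than on an observed result, and it rejects O_NOFOLLOW without saying what would cover both variants. O_NOFOLLOW only refuses a path whose final component is a symbolic link, so a hard link at /tmp/foo.exe.lock opens normally; stating that as fact, together with the outcome of the "with and without -s" runs the comment asks for, would make it actionable. Suggest also naming a check that handles both cases, for example creating the lock file with O_CREAT|O_EXCL so that any pre-existing /tmp/foo.exe.lock is refused, or keeping the lock file in a directory that is not world-writable.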