Re: what's up with security?



** On May 25, Gergely Madarasz scribbled:
> On Thu, 25 May 2000, Marek Habersack wrote:
> 
> > Also mailman has a problem with symlinks when running on a kernel with the
> > Solar Designer's openwall security patch. Namely, mailman creates temporary
> > files when moving them around using hardlinks. In general, it does the
> > hardlinks in the same directory where the file sits and if the directory
> > has the t bit set, openwall patch forbids mailman to create the hardlink.
> > Same goes when /tmp is used for hardlinking. It's a totally flawed way of
> > moving files around, but in spite of a discussion on that topic somewhere last
> > year, nobody changed it - for me, personally, mailman became unusable.
> 
> Wrong. Mailman never touches anything in +t directories. Openwall (and
I don't know (or want to know) Python well enough to examine the Mailman
sources carefully, what I know is that I get an error message on console
every time anyone posts anything that gets processed by Mailman and the
_only_ +t directories Mailman has access to are /tmp, /var/tmp...

> Solar Designer's patch) restricts hardlinks in any directory, so one
From the OW README:

 Restricted links in /tmp
--------------------------

I've also added a link-in-+t restriction, originally for Linux 2.0 only,
                  ^^^^^^^^^^^
by Andrew Tridgell.  I've updated it to prevent from using a hard link in
an attack instead, by not allowing regular users to create hard links to
files they don't own.  This is usually the desired behavior anyway, since
           ^^^^^^^^^
otherwise users couldn't remove such links they've just created in a +t
directory, and because of disk quotas.


> can't _HARD_link to an already existing file if it's owned by someone
that's what I said, hardlink.

> else even if one has write access to it. This is a flaw in mailman's
> design, it uses group permissions to handle stuff (and uses the web user,
> mail user, and the local mailman/list user for different tasks).
Exactly. That was the reason Mailman stopped working for me and I had to
ditch it, although I wasn't happy about that. And a flaw in design is a bug
no matter from what direction one looks at it. 

marek
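
Added example (not part of the original message, and not Mailman's code): a Python sketch of the restriction quoted from the README above, together with a file move that falls back to rename() when the kernel refuses the hard link with EPERM. The function names, the uid 0 exemption and the injectable `link` argument are assumptions made for the illustration.

```python
import errno
import os
import tempfile


def link_permitted(path, uid=None):
    """Simplified model of the README rule: a regular user may hard link
    only to files they own (uid 0 treated as exempt: an assumption)."""
    uid = os.geteuid() if uid is None else uid
    return uid == 0 or os.lstat(path).st_uid == uid


def move_file(src, dst, link=os.link):
    """Move src to dst within one filesystem; return the method used.
    Falls back to rename() when the kernel refuses the link with EPERM."""
    try:
        link(src, dst)  # fails if dst exists, so nothing is overwritten
    except OSError as exc:
        if exc.errno != errno.EPERM:
            raise
        # rename() replaces dst silently, so refuse an existing one. The
        # check is racy: use only in directories other users cannot write.
        if os.path.lexists(dst):
            raise FileExistsError(errno.EEXIST, "destination exists", dst)
        os.rename(src, dst)  # non-sticky dir: needs dir write access only
        return "rename"
    os.unlink(src)
    return "link"


def demo():
    """Constructed scenario; the second move simulates the patched kernel."""
    def denied(src, dst):
        raise PermissionError(errno.EPERM, "Operation not permitted", dst)

    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("a.msg", "b.msg", "c.msg"))
        with open(a, "w") as fh:
            fh.write("constructed sample message\n")
        own = link_permitted(a)
        other = link_permitted(a, uid=os.lstat(a).st_uid + 1)
        first = move_file(a, b)
        second = move_file(b, c, link=denied)
        return own, other, first, second, os.path.exists(c)


if __name__ == "__main__":
    print(demo())
```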
