Re: what's up with security?

** On May 25, Gergely Madarasz scribbled:
> On Thu, 25 May 2000, Marek Habersack wrote:
> > Also mailman has a problem with symlinks when running on a kernel with the
> > Solar Designer's openwall security patch. Namely, mailman creates temporary
> > files when moving them around using hardlinks. In general, it does the
> > hardlinks in the same directory where the file sits and if the directory
> > has the t bit set, openwall patch forbids mailman to create the hardlink.
> > Same goes when /tmp is used for hardlinking. It's a totally flawed way of
> > moving files around, but in spite of a discussion on that topic somewhere last
> > year, nobody changed it - for me, personally, mailman became unusable.
> Wrong. Mailman never touches anything in +t directories. Openwall (and
I don't know (or want to know) Python well enough to examine the Mailman
sources carefully; what I know is that I get an error message on console
every time anyone posts anything that gets processed by Mailman and the
_only_ +t directories Mailman has access to are /tmp, /var/tmp...

> Solar Designer's patch) restricts hardlinks in any directory, so one
From the OW README:

 Restricted links in /tmp

I've also added a link-in-+t restriction, originally for Linux 2.0 only,
by Andrew Tridgell.  I've updated it to prevent from using a hard link in
an attack instead, by not allowing regular users to create hard links to
files they don't own.  This is usually the desired behavior anyway, since
otherwise users couldn't remove such links they've just created in a +t
directory, and because of disk quotas.

> can't _HARD_link to an already existing file if it's owned by someone
That's what I said, hardlink.

> else even if one has write access to it. This is a flaw in mailman's
> design, it uses group permissions to handle stuff (and uses the web user,
> mail user, and the local mailman/list user for different tasks).
Exactly. That was the reason Mailman stopped working for me and I had to
ditch it, although I wasn't happy about that. And a flaw in design is a bug
no matter from what direction one looks at it. 
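
The failure mode discussed in this thread, as an added example that is not part of the original message and is not Mailman's or the Openwall patch's code: a link-then-unlink move of a file owned by another user is refused under the restriction quoted from the README, while a rename() within the same filesystem creates no new hard link. All function names, uids and file names are hypothetical, and the restriction is simulated by a stand-in for link() that is assumed to fail with EPERM.

```python
import errno
import os
import tempfile


def restricted_link(owner_uid, caller_uid):
    """Stand-in for link(2) modelled on the README wording: regular users
    may not hard-link files they don't own (EPERM is an assumption)."""
    def _link(src, dst):
        if caller_uid != 0 and caller_uid != owner_uid:
            raise PermissionError(errno.EPERM, "hard link to file not owned", src)
        os.link(src, dst)
    return _link


def move_by_link(src, dst, link=os.link):
    """The pattern described in the thread: hard link, then remove the old name."""
    link(src, dst)   # refused under the restriction if the caller is not the owner
    os.unlink(src)


def move_by_rename(src, dst):
    """rename(2) on one filesystem: atomic, creates no second link, and needs
    only write permission on the (non-sticky) directories involved."""
    os.rename(src, dst)


def demo(caller_uid, owner_uid=1001):
    """Move a constructed queue file as caller_uid; return (method, dst_exists, src_exists)."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "msg.tmp")       # constructed sample file
        dst = os.path.join(d, "msg.queued")
        with open(src, "w") as f:
            f.write("constructed message body\n")
        try:
            move_by_link(src, dst, link=restricted_link(owner_uid, caller_uid))
            method = "link"
        except PermissionError:
            # The link was refused before dst was created; fall back to rename.
            move_by_rename(src, dst)
            method = "rename"
        return method, os.path.exists(dst), os.path.exists(src)


if __name__ == "__main__":
    print("different user:", demo(caller_uid=1002))
    print("file owner:    ", demo(caller_uid=1001))
```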


