Re: Re: Re: dpkg behavior when following symlinks
On 11/22/19 12:30 PM, Guillem Jover wrote:
> On Fri, 2019-11-22 at 17:36:21 +0000, Alejandro Del Castillo wrote:
>> I was pretty mystified on what's different...then I realized that the
>> issue only happens when following symlinks on tmpfs (/tmp). Adding an
>> extra directory (tmp) to the dpkg-test example reproduces the failure.
>> At the end of the email, I have a patch that modifies the tests to show
>> the failure (I tried attaching the patch to the email, but that made the
>> list bot swallow my message).
>> Is this a know issue or expected behavior?
> Ok, the problem would be due to /proc/sys/fs/protected_symlinks being
> set to 1.
Ah!, that explains it!
> So, I guess this is expected in the sense that letting [od]pkg write
> into something with the properties of /tmp is insecure anyway, and
> it should not be done. :)
> Otherwise this is supported and should work.
Thanks a lot Guillem, glad we got to the bottom of it.