Bug#298985: libc6-dev: ruserok failes when hosts.equiv and .rhosts are symlinks
On Mon, Mar 14, 2005 at 11:10:50PM +0900, GOTO Masanori wrote:
> At Thu, 10 Mar 2005 15:11:06 -0800,
> Ryan Lovett wrote:
> > I don't know if this is intentional, but if /etc/hosts.equiv or .rhosts
> > are symlinks, ruserok fails. Moving the target of the link into place
> > causes ruserok to succeed.
>
> ruserok() does not accept when it's not regular file.
What is the reason for this? Is this a security feature or buggy behavior?
> > ruserok also succeeds if hard links are used.
>
> ruserok() should be failed when hard links are used. I guess this
> behavior is not related with ruserok(). Could you confirm it using
> strace or ltrace?
You're right. What I thought was a hard link really wasn't.
> > Symlinks are fine on Solaris.
>
> The behaivor of ruserok is OS-dependent, so Solaris is not related
> with this report.
I know that its libC dependent, but I thought I'd give an example of
another OS whose libC doesn't have this behavior. Why does glibc's ruserok
behave this way with respect to links? Is it a security issue?
Ryan
Reply to: