[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#298985: libc6-dev: ruserok failes when hosts.equiv and .rhosts are symlinks

On Mon, Mar 14, 2005 at 11:10:50PM +0900, GOTO Masanori wrote:
> At Thu, 10 Mar 2005 15:11:06 -0800,
> Ryan Lovett wrote:
> > I don't know if this is intentional, but if /etc/hosts.equiv or .rhosts
> > are symlinks, ruserok fails. Moving the target of the link into place
> > causes ruserok to succeed.
> 
> ruserok() does not accept when it's not regular file.
 
What is the reason for this? Is this a security feature or buggy behavior?

> > ruserok also succeeds if hard links are used.
> 
> ruserok() should be failed when hard links are used.  I guess this
> behavior is not related with ruserok().  Could you confirm it using
> strace or ltrace?
 
You're right. What I thought was a hard link really wasn't.

> > Symlinks are fine on Solaris.
> 
> The behaivor of ruserok is OS-dependent, so Solaris is not related
> with this report.

I know that its libC dependent, but I thought I'd give an example of
another OS whose libC doesn't have this behavior. Why does glibc's ruserok
behave this way with respect to links? Is it a security issue?

Ryan
Reply to: