[torquedev] Liblog chk_file_sec() function bugs

Sergio Gelato Sergio.Gelato at astro.su.se
Mon Oct 1 14:25:07 MDT 2007


* Vinod KV [2007-10-01 19:26:54 +0530]:
> Comments from the source :
> 
>     *      To be secure, all directories (and final file) in path must be:
>     *              owned by uid < 10
>     *              owned by group < 10 if group writable
>     *              not have world writable unless stick bit set & this is allowed.
> 
> I understand the stress on the security of the __files used by 
> daemons__, and these three make sense for those files. But IMHO, 
> applying the same for __every file/directory in the path__ seems like 
> overkill.
> 
> Can anyone comment on this?

If you have write access to the parent directory, you can rename the file
and replace it with a symbolic link to some other location, maybe on a
different filesystem where it's easier for you to create files with
the uid/gid values you need.

That said, I fully expect sites to patch this code to suit their local 
requirements. For example, I insist on uid==0 while some places may want 
uid<1000 instead. I don't see any obvious one-size-fits-all solution.
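
Added example, not part of the original message and not TORQUE's own code: a per-component check that applies the three quoted rules to "/" and to every prefix of an absolute path, which is what closes the rename-and-symlink gap described above. The names `component_ok`, `check_one`, `path_ok` and `MAX_TRUSTED_ID`, the return codes, and the choice to refuse symbolic links outright are assumptions of this sketch.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <string.h>
#include <sys/stat.h>

#define MAX_TRUSTED_ID 10 /* threshold from the quoted comment; sites adjust it */

/* Apply the three quoted rules to one component. Returns 0 if acceptable. */
int component_ok(const struct stat *st, int allow_sticky)
{
    if (S_ISLNK(st->st_mode))
        return -5; /* assumption of this sketch: refuse symbolic links */
    if (st->st_uid >= MAX_TRUSTED_ID)
        return -1; /* owner is not a trusted uid */
    if ((st->st_mode & S_IWGRP) && st->st_gid >= MAX_TRUSTED_ID)
        return -2; /* writable by an untrusted group */
    if (st->st_mode & S_IWOTH) {
        int sticky_dir = S_ISDIR(st->st_mode) && (st->st_mode & S_ISVTX);
        if (!(sticky_dir && allow_sticky))
            return -3; /* world writable without the sticky-directory exemption */
    }
    return 0;
}

static int check_one(const char *p, int allow_sticky)
{
    struct stat st;
    if (lstat(p, &st) != 0) /* lstat: judge a link itself, never its target */
        return -6;          /* missing or unreadable component */
    return component_ok(&st, allow_sticky);
}

/* Check "/" and then every prefix of an absolute path: "/a", "/a/b", ... */
int path_ok(const char *path, int allow_sticky)
{
    char buf[PATH_MAX];
    size_t len = strlen(path);
    if (path[0] != '/' || len >= sizeof(buf))
        return -4; /* only absolute paths that fit the buffer */
    int rc = check_one("/", allow_sticky);
    for (size_t i = 1; rc == 0 && i <= len; i++) {
        if ((path[i] != '/' && path[i] != '\0') || path[i - 1] == '/')
            continue; /* not a component boundary, or an empty component */
        memcpy(buf, path, i);
        buf[i] = '\0';
        rc = check_one(buf, allow_sticky);
    }
    return rc;
}
```

Changing `MAX_TRUSTED_ID` is the single edit needed for the site-specific variants mentioned above (uid==0 corresponds to a value of 1, uid<1000 to a value of 1000).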

