On Mon, 07 Feb 2005 19:57:06 +0100, Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= said:
> This patch adds two checks to do_follow_link() and sys_link(), for > prevent users to follow (untrusted) symlinks owned by other users in > world-writable +t directories (i.e. /tmp), unless the owner of the > symlink is the owner of the directory, users will also not be able to > hardlink to files they do not own. This should be done using the LSM framework. That's what it's *THERE* for. I've previously posted an LSM that does these checks (and a few others), it should be in the archives.
pgpYxPoPRDxCV.pgp
Description: PGP signature