[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MiNT 1.09 patch: unifs security

Hi Benni!

 Just like you said, really everyone is allowed to delete links on the
unifs, cause the ownership simply isn't checked, despite the filesystem
does support an uid for a link. I'm not sure if that's worth a lot changes
cause I doubt anyone would really need an XATTR on the unifs, well, perhaps
it should also provide a gid field to make it look better in those cases,
but then, it might be a bad idea to make the root directory itself writeable
by any other user. Anyway, here's a quick patch which should do fine for now:

--- orig/unifs.c	Fri Nov 19 15:34:52 1993
+++ my/unifs.c	Wed Dec  1 08:45:56 1993
@@ -268,6 +268,7 @@
 	while (u) {
 		if (!strncmp(u->name, name, NAME_MAX)) {
 			if ( (u->mode & S_IFMT) != S_IFLNK ) return EFILNF;
+			if (u->dev != curproc->euid) return EACCDN;
 			if (lastu)
 				lastu->next = u->next;

so long,
PS: If the above written looks weird, then that's probably because it _is_.
WhoDunnIt: Torsten Scherer (Schiller, Tesche, ...)
Where: Faculty of Technology, University of Bielefeld, Germany
EMail: itschere@techfak.uni-bielefeld.de / tesche@hrz.uni-bielefeld.de