[pkg-fetchmail-maint] Bug#452907: Bug#452907: .fetchmailrc not permitted to be a symlink
Nico Golde
nion at debian.org
Tue Nov 27 15:08:41 UTC 2007
Hi Roger,
* Roger Leigh <rleigh at whinlatter.ukfsn.org> [2007-11-26 23:21]:
> Nico Golde <nion at debian.org> writes:
[...]
> > But this could introduce some race condition with permission or uid
> > checks. This behaviour also prevents symlink attacks :)
>
> I'm not sure I see why, given that this is a config file--we aren't
> writing to it, which would be a case for a symlink attack.
I did not check it, was just a thought. Don't know if for
example fetchmail when run as root will print out errors
that can be used to get sensitive information if the
fetchmailrc is linked for example to shadow. However, no
idea I did not check it.
> I'm unsure why fetchmail doesn't avoid the race altogether, by
> open()ing the file first, and then calling fstat(). This is race free
> because there's no delay between the stat and the open; the
> information is coming straight from the inode of the open fd.
True I agree with you here.
> > So we suggest to workaround this by either adding a hardlink (if this works with git internals)
> > or executing -f - <"${HOME}/.fetchmailrc".
>
> Hardlinking won't work.
Why not?
> The latter is a good idea--I'll try that in the meantime.
Any results? Upstream regrets to implement this until you
raise your hand with a very good reason while I agree with
you because I also dont see a reason to not do this :)
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20071127/f6ab707d/attachment.pgp
More information about the pkg-fetchmail-maint
mailing list