I would suspect it's a chroot issue. If the symlink is to something outside
of the chroot sandbox the server won't even be able to see it. Do symlinks
work if they are to something else within the chroot filesystem? i.e.
../../src is outside ../ but ../src is not. There might be a way to change
the behavior of symlinks beyond a chroot, but it would be discouraged.
I forget the name of the other projects that do similar things to chroot. So
just take chroot to mean any alternative/virtual root directory system.
-Stuart
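To make the chroot reasoning above concrete, here is an added Python example (not code from the thread or from Tomcat) that builds a constructed sandbox layout with two symlinks, one to ../lib inside the sandbox and one to ../../src outside it, and resolves each link twice: the way the host filesystem sees it, and the way a chrooted process would. Inside a chroot, ".." never climbs above the root, so a link that reaches outside the sandbox on the host simply resolves to a path that does not exist from the server's point of view. All directory and file names (sandbox, lib, src, WEB-INF/classes_*, App.java) are made up for the demo.

```python
import os
import shutil
import tempfile


def chroot_resolve(root, path, max_links=40):
    """Resolve `path` (absolute, as seen from inside a chroot rooted at `root`)
    the way the kernel does for a chrooted process: '..' never climbs above
    the root, and symlink targets are interpreted inside the chroot rather
    than on the real filesystem.  Returns the host path of the final target,
    or None if a component is missing or the link chain is too deep."""
    root = os.path.realpath(root)
    pending = [p for p in path.split("/") if p and p != "."]
    stack = []  # components already resolved, relative to the chroot root
    links_followed = 0
    while pending:
        comp = pending.pop(0)
        if comp == "..":
            if stack:
                stack.pop()
            continue  # '..' at the chroot root stays at the root
        host = os.path.join(root, *stack, comp)
        if os.path.islink(host):
            links_followed += 1
            if links_followed > max_links:
                return None  # symlink loop or absurdly deep chain
            target = os.readlink(host)
            if target.startswith("/"):
                stack = []  # absolute target: restart from the chroot root
            pending = [p for p in target.split("/") if p and p != "."] + pending
            continue
        if not os.path.lexists(host):
            return None
        stack.append(comp)
    return os.path.join(root, *stack)


def points_outside(root, link_path):
    """Host-side check an admin can run: does the link, resolved with normal
    (non-chroot) semantics, lead anywhere outside the sandbox root?"""
    root = os.path.realpath(root)
    target = os.path.realpath(link_path)
    return os.path.commonpath([root, target]) != root


def build_demo():
    """Build a constructed layout under a temp dir (hypothetical names):
      base/src/App.java                       real sources, outside the sandbox
      base/sandbox/lib/App.java               a copy inside the sandbox
      base/sandbox/WEB-INF/classes_outside -> ../../src   (leaves the sandbox)
      base/sandbox/WEB-INF/classes_inside  -> ../lib      (stays inside)
    Returns the sandbox path."""
    base = tempfile.mkdtemp(prefix="chroot-symlink-")
    sandbox = os.path.join(base, "sandbox")
    for d in ("src", "sandbox/lib", "sandbox/WEB-INF"):
        os.makedirs(os.path.join(base, d))
    for d in ("src", "sandbox/lib"):
        with open(os.path.join(base, d, "App.java"), "w") as fh:
            fh.write("class App {}\n")
    webinf = os.path.join(sandbox, "WEB-INF")
    os.symlink("../../src", os.path.join(webinf, "classes_outside"))
    os.symlink("../lib", os.path.join(webinf, "classes_inside"))
    return sandbox


def demo():
    """Resolve App.java through both links, from the host's and the chroot's
    point of view.  'chroot_sees' is the path relative to the sandbox root
    that a chrooted server would actually reach, or None if it is missing."""
    sandbox = build_demo()
    real_root = os.path.realpath(sandbox)
    results = {}
    for name in ("classes_inside", "classes_outside"):
        link = os.path.join(sandbox, "WEB-INF", name)
        seen = chroot_resolve(sandbox, "/WEB-INF/%s/App.java" % name)
        results[name] = {
            "host_points_outside": points_outside(sandbox, link),
            "chroot_sees": None if seen is None else os.path.relpath(seen, real_root),
        }
    shutil.rmtree(os.path.dirname(sandbox))  # remove the constructed temp tree
    return results


if __name__ == "__main__":
    for name, info in demo().items():
        print("%-16s host_points_outside=%-5s chroot_sees=%s"
              % (name, info["host_points_outside"], info["chroot_sees"]))
```

Run it as a script: classes_inside resolves to lib/App.java under both views, while classes_outside exists on the host (pointing at base/src) but resolves to nothing inside the chroot, which is exactly the "Tomcat couldn't find the source files" symptom. The points_outside check is the one to run on the host before deploying: any link it flags will be dead once the server is confined.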
===Original Message===
Date: Wed, 16 Apr 2003 10:03:47 -0500 (CDT)
From: Jonathan King <EMAIL:PROTECTED>
Subject: symlinks and security (was Re: [MLUG] Found tomcat problem)
On Wed, 16 Apr 2003, Jason McIntosh wrote:
> Ok, it looks like I've found what's going on. It seems the new Tomcat
> system does not seem to follow symbolic links. As the WEB-INF/classes
> was symlinked to ../../src, Tomcat couldn't find the source files and
> bombed out.
[snip]
> And I can understand maybe why they did so, such as security issues,
> but at least you'd think someone would have seen it beforehand.
OK, so I'm just a bit curious about how this policy is supposed to have a
big effect on security. It would seem to me that to get the symlink there
in the first place, you're going to need write permission in the
particular directory, and if the bad guys have that, you're toast.
Similarly, the bad guys are going to have to have write access to the
directory containing the linked-to stuff, and it's the same story. If J.
Random has access to your system, I'm not sure why exploiting symlinks
would be the preferred method. So what am I missing?
jking
---
EMAIL:PROTECTED
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members