Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#13530 closed bug (fixed)

Overly restrictive permissions on symbolic links in root directory

Reported by: mjw
Owned by: nobody
Priority: normal
Milestone: Unscheduled
Component: System/Kernel
Version: R1/Development
Keywords:
Cc:
Blocked By:
Blocking:
Has a Patch: yes
Platform: All

Description

I've noticed that the symbolic links in the root directory (/bin, for example) have no read, write or execute permissions. This prevents non-privileged users from sshing into a Haiku box because the non-privileged user cannot read or execute /bin/sh.

I'd expect the permissions on symlinks to be 0777.

With the attached patch, I can create an unprivileged user that can ssh into the box.

This bug looks similar to #12373, but that bug seems to be talking about different sources of problems.

Attachments (2)

link_permissions.patch (820 bytes) - added by mjw 2 years ago.
proposed fix.
0001-Fix-permissions-on-symlinks-in-root-directory.patch (1.3 KB) - added by mjw 2 years ago.
Update patch from a git export


Change History (11)

Changed 2 years ago by mjw

Attachment: link_permissions.patch added

proposed fix.

comment:1 Changed 2 years ago by mjw

Has a Patch: set

comment:2 Changed 2 years ago by waddlesplash

Note that you can export patches from Git in a format that will allow us to keep you as the author of the commit: git format-patch <since_ref>, where you can substitute -1 for <since_ref> to export the latest commit in such a format.

Otherwise, patch looks good to me.

Changed 2 years ago by mjw

Update patch from a git export

comment:3 in reply to:  2 Changed 2 years ago by mjw

Replying to waddlesplash:

Note that you can export patches from Git...

Thanks for the tip. I have uploaded a new patch.

comment:4 Changed 2 years ago by jessicah

Shouldn't it be 0755? Besides, most of these paths are read-only with packagefs ;-)

comment:5 Changed 2 years ago by mjw

The effective permissions will be the permissions of the directory that the symbolic link is pointing to, so I don't think it makes much sense to limit the permissions on the symbolic links to anything less than 0777.

comment:6 Changed 2 years ago by jessicah

Ah, fair enough.

comment:7 Changed 2 years ago by waddlesplash

Resolution: fixed
Status: new → closed

Applied in hrev51182. Thanks!

comment:8 Changed 2 years ago by axeld

FWIW the permissions on symlinks seem to be ignored by Linux, but honored by FreeBSD.

comment:9 Changed 2 years ago by pulkomandy

It would still make sense to have proper permissions on the symlinks. I'd even use 0555, so that no one can edit them (even if you can't access the target, the permissions on the symlink allow you to delete or rename it, for example). Or at least that is what would make sense with symlink permissions?
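
To audit for the condition discussed in this ticket, the following added example (not code from the ticket or from Haiku) lists each symlink in a directory with its own mode bits from lstat() beside the mode of the target reached through stat(). The function names, the constructed temp-directory sample, and the read-plus-execute test in link_denies_others are assumptions for illustration.

```python
import os
import stat
import tempfile

# Assumption: a system that honors link modes needs read+execute for "other".
NEEDED = stat.S_IROTH | stat.S_IXOTH


def link_denies_others(mode):
    """True if a symlink's own mode lacks read or execute for 'other'."""
    return (mode & NEEDED) != NEEDED


def link_is_world_writable(mode):
    """True if the link's own mode grants write to 'other'."""
    return bool(mode & stat.S_IWOTH)


def audit_symlinks(directory):
    """Return {name: (own_mode, target_mode or None)} for symlinks in directory."""
    report = {}
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_symlink():
                continue
            # lstat() describes the link itself; stat() follows it to the target.
            own = stat.S_IMODE(os.lstat(entry.path).st_mode)
            try:
                target = stat.S_IMODE(os.stat(entry.path).st_mode)
            except OSError:
                target = None  # dangling link: nothing to follow
            report[entry.name] = (own, target)
    return report


def demo():
    """Constructed sample: a 0750 directory, a link to it, and a dangling link."""
    with tempfile.TemporaryDirectory() as root:
        real = os.path.join(root, "real_bin")
        os.mkdir(real)
        os.chmod(real, 0o750)
        os.symlink("real_bin", os.path.join(root, "bin"))
        os.symlink("missing", os.path.join(root, "dangling"))
        return audit_symlinks(root)


if __name__ == "__main__":
    for name, (own, target) in sorted(demo().items()):
        shown = "dangling" if target is None else format(target, "04o")
        print(f"{name}: link={own:04o} target={shown} denied={link_denies_others(own)}")
```

The link's own mode reported by lstat() depends on the platform the script runs on, so compare results per system rather than against a fixed value.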
