Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#13530 closed bug (fixed)

Overly restrictive permissions on symbolic links in root directory

Reported by: mjw
Owned by: nobody
Priority: normal
Milestone: Unscheduled
Component: System/Kernel
Version: R1/Development
Keywords:
Cc:
Blocked By:
Blocking:
Has a Patch: yes
Platform: All

Description

I've noticed that the symbolic links in the root directory (/bin, for example) have no read, write or execute permissions. This prevents non-privileged users from sshing into a Haiku box because the non-privileged user cannot read or execute /bin/sh.

I'd expect the permissions on symlinks to be 0777.

With the attached patch, I can create an unprivileged user that can ssh into the box.

This bug looks similar to #12373, but that bug seems to be talking about different sources of problems.

Attachments (2)

link_permissions.patch (820 bytes) - added by mjw 2 years ago.
proposed fix.
0001-Fix-permissions-on-symlinks-in-root-directory.patch (1.3 KB) - added by mjw 2 years ago.
Update patch from a git export


Change History (11)

by mjw, 2 years ago

Attachment: link_permissions.patch added

proposed fix.

comment:1 by mjw, 2 years ago

Has a Patch: set

comment:2 by waddlesplash, 2 years ago

Note that you can export patches from Git in a format that will allow us to keep you as the author of the commit: git format-patch <since_ref>, where you can substitute -1 for <since_ref> to export the latest commit in such a format.

Otherwise, patch looks good to me.

by mjw, 2 years ago

Update patch from a git export

in reply to:  2 comment:3 by mjw, 2 years ago

Replying to waddlesplash:

Note that you can export patches from Git...

Thanks for the tip. I have uploaded a new patch.

comment:4 by jessicah, 2 years ago

Shouldn't it be 0755? Besides, most of these paths are read-only with packagefs ;-)

comment:5 by mjw, 2 years ago

The effective permissions will be the permissions of the directory that the symbolic link is pointing to, so I don't think it makes much sense to limit the permissions on the symbolic links to anything less than 0777.

comment:6 by jessicah, 2 years ago

Ah, fair enough.

comment:7 by waddlesplash, 2 years ago

Resolution: fixed
Status: new → closed

Applied in hrev51182. Thanks!

comment:8 by axeld, 2 years ago

FWIW the permissions on symlinks seem to be ignored by Linux, but honored by FreeBSD.

comment:9 by pulkomandy, 2 years ago

It would still make sense to have proper permissions on the symlinks. I'd even use 0555, so that no one can edit them (even if you can't access the target, the permissions on the symlink allow you to delete or rename it, for example). Or at least that is what would make sense with symlink permissions?
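
Added example, not part of the ticket or of Haiku's code: a small C audit for the condition reported here, comparing each symlink's own mode (lstat) with the mode of its target (stat) and flagging links that withhold bits the target grants. The function names missing_on_link and audit_symlinks are hypothetical, and the default directory "/" is an assumption taken from the ticket title.

```c
#define _XOPEN_SOURCE 700  /* for lstat() under strict -std= modes */
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>

/* Permission bits the target grants but the link itself withholds. */
mode_t missing_on_link(mode_t link_mode, mode_t target_mode)
{
    return (target_mode & ~link_mode) & 0777;
}

/* Hypothetical helper: returns how many symlinks in dir withhold bits their
 * target grants (-1 on error); *nlinks receives the number of symlinks seen.
 * Dangling links are counted but not flagged. */
int audit_symlinks(const char *dir, int *nlinks)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int flagged = 0;
    *nlinks = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char path[PATH_MAX];
        struct stat ls, ts;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &ls) != 0 || !S_ISLNK(ls.st_mode))
            continue;               /* lstat() inspects the link itself */
        (*nlinks)++;
        if (stat(path, &ts) != 0)   /* stat() follows the link to its target */
            continue;
        mode_t miss = missing_on_link(ls.st_mode, ts.st_mode);
        printf("%-24s link %04o target %04o%s\n", path,
               (unsigned)(ls.st_mode & 0777), (unsigned)(ts.st_mode & 0777),
               miss ? "  <- link stricter than target" : "");
        if (miss)
            flagged++;
    }
    closedir(d);
    return flagged;
}

int main(int argc, char **argv)
{
    int n, bad = audit_symlinks(argc > 1 ? argv[1] : "/", &n);
    printf("%d symlink(s), %d stricter than target\n", n, bad);
    return bad != 0;
}
```

On Linux, lstat() reports 0777 for symlinks, so the audit is only informative on systems that store a per-link mode.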
