On Thu, 29 Aug 2002, Bruce Momjian wrote:
> Nigel J. Andrews wrote:
> > On Wed, 28 Aug 2002, Alvaro Herrera wrote:
> >
> > > En Wed, 28 Aug 2002 17:33:34 -0400 (EDT)
> > >
> > > Thank you. Patch attached. Note that it also checks group access; I think
> > > that is desired as well.
> >
> > +
> > + /* If password file is insecure, alert the user and ignore it. */
> > + if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
> >
> >
> > Should there also be a S_IFREG check to make sure no one is trying any other
> > tricks? I'm not sure of what an exploit would be but for the sake of paranoia
> > it seems a cheap test.
> >
> > I take it no one wants to start checking directory tree permissions etc.
>
> They may want a symlink to point to somewhere else. I can see that. In
> fact, I can see settings for Unix group sharing a password file but I am
> not going to suggest loosening the group permissions until someone says
> they want that.
Doesn't stat() resolve all symlinks?
I must admit it's not something I've check but I thought it went through until
it found a non symlink.
I'm probably just being too paranoid about pipes etc. though.
I'd wait and see about the group permissions as well. I can't really see the
need myself. I'm not very imaginative at times though. May be in a teaching
environment.
--
Nigel J. Andrews
