IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Comments on draft-ietf-secsh-filexfer-05.txt
Damien Miller wrote:
>I think that SSH_FXP_OPEN should support a flag to stop it from
>following symlinks, like O_NOFOLLOW on some Unices.
>
>Without something like this, I believe that SSH_FXP_FSTAT isn't very
>useful as a race-free means to collect attributes. One could end up
>following a symlink unless one checks it first - which opens another race.
Even with O_NOFOLLOW, there are still race attacks.
Consider opening /tmp/foo/bar/baz; O_NOFOLLOW only ensures
that baz isn't a symlink, but makes no promises about foo or bar.
Maybe clients should be instructed not to rely on the filesystem
to be the same across multiple operations. SSH_FXP_FSTAT then
SSH_FXP_OPEN is just as vulnerable to races as fstat() then open().
Home |
Main Index |
Thread Index |
Old Index