IETF-SSH archive


Re: Comments on draft-ietf-secsh-filexfer-05.txt



Damien Miller  wrote:
>I think that SSH_FXP_OPEN should support a flag to stop it from
>following symlinks, like O_NOFOLLOW on some Unices.
>
>Without something like this, I believe that SSH_FXP_FSTAT isn't very
>useful as a race-free means to collect attributes. One could end up
>following a symlink unless one checks it first - which opens another race.

Even with O_NOFOLLOW, there are still race attacks.
Consider opening /tmp/foo/bar/baz; O_NOFOLLOW only ensures
that baz isn't a symlink, but makes no promises about foo or bar.

Maybe clients should be instructed not to rely on the filesystem
to be the same across multiple operations.  SSH_FXP_FSTAT then
SSH_FXP_OPEN is just as vulnerable to races as fstat() then open().
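
An added example, not part of the original message or of the filexfer draft: a server-side sketch in C of the point above, that O_NOFOLLOW covers only the last component unless the path is walked one component at a time with openat(), with attributes then taken by fstat() on the descriptor that was actually opened. The names open_nofollow_all and demo and the temporary tree under /tmp are hypothetical and constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open an absolute path with O_NOFOLLOW applied to EVERY
 * component via openat(), then fstat() the descriptor actually obtained.
 * flags must not include O_CREAT. Returns an fd, or -1 with errno set. */
int open_nofollow_all(const char *path, int flags, struct stat *st)
{
    char buf[PATH_MAX], *save = NULL;
    if (path[0] != '/' || strlen(path) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, path);
    int cur = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    for (char *c = strtok_r(buf, "/", &save); c && cur >= 0; ) {
        char *next = strtok_r(NULL, "/", &save);
        int f = (next ? O_RDONLY | O_DIRECTORY : flags) | O_NOFOLLOW | O_CLOEXEC;
        int fd = strcmp(c, "..") ? openat(cur, c, f) : (errno = EINVAL, -1);
        int e = errno; close(cur); errno = e;   /* parent fd no longer needed */
        cur = fd; c = next;
    }
    if (cur >= 0 && fstat(cur, st) < 0) { int e = errno; close(cur); errno = e; return -1; }
    return cur;
}

/* Constructed demo tree: base/real/baz is a file, base/link -> real. Result bits:
 * 1 strict open of real/baz works, 2 plain O_NOFOLLOW follows "link", 4 strict walk refuses it. */
int demo(void)
{
    char tmpl[] = "/tmp/nofollowXXXXXX", base[PATH_MAX], p[PATH_MAX + 16];
    struct stat st; int r = 0, fd, b;
    if (!mkdtemp(tmpl) || !realpath(tmpl, base) || (b = open(base, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    if (mkdirat(b, "real", 0700) || symlinkat("real", b, "link")) return -1;
    if ((fd = openat(b, "real/baz", O_CREAT | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    snprintf(p, sizeof p, "%s/real/baz", base);
    if ((fd = open_nofollow_all(p, O_RDONLY, &st)) >= 0) { r |= S_ISREG(st.st_mode) ? 1 : 0; close(fd); }
    snprintf(p, sizeof p, "%s/link/baz", base);
    if ((fd = open(p, O_RDONLY | O_NOFOLLOW)) >= 0) { r |= 2; close(fd); }   /* "link" was followed */
    if ((fd = open_nofollow_all(p, O_RDONLY, &st)) < 0) r |= 4; else close(fd);
    unlinkat(b, "real/baz", 0); unlinkat(b, "link", 0); unlinkat(b, "real", AT_REMOVEDIR);
    close(b); rmdir(base); return r;
}
int main(void) { printf("result bits: %d\n", demo()); return 0; }
```

The walk removes the symlink race on intermediate components for a single open; it does not make two separate path-based requests see the same filesystem state.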


