Subject: Re: /etc/security, mtree, and links to files and directories
To: Andrew Brown <atatat@atatdot.net>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 05/15/2002 14:01:33
[ On Wednesday, May 15, 2002 at 13:39:15 (-0400), Andrew Brown wrote: ]
> Subject: Re: /etc/security, mtree, and links to files and directories
>
> >> can anyone think of any security risks associated with mtree always
> >> following all the symlinks? or...not warning if it finds one where it
> >> expected a file or a directory?
> >
> >Any file that's explicitly supposed to be a regular file should never be
> >a symlink. Conversely any file that's supposed to be a symlink should
> >never be any other type of file.
>
> and what of /etc/localtime? certainly one *must* have such a thing,
> but the cases for "link" and for "file" are equally valid, are they
> not?
Exactly -- it must exist and it must either be a regular file or a
symlink pointing into [..]/usr/share/zoneinfo/*
If any sys-admin wants anything different than that, and if they don't
want a warning about doing something different, then they will have to
make a local change to their /etc/mtree/* file[s]! :-)
> >I think what we need in 'mtree' is the ability to say that some object
> >may be either a file (of some specified type) or a symlink, and in the
> >latter case the optional ability to say where the symlink must point to.
>
> so things would be either "file" or "dir" or "link to file" or "link
> to dir"?
yeah, something like that.....
(just "symlink" is sufficient though as you don't really have to worry
about the file type, or the permissions and ownership of the file being
pointed to -- those will be specified on a separate line, if that's
what's desired)
> got code?
I wish! ;-)
I wouldn't have to skim past many lines of mtree output for dozens of
systems every day and worry that I've missed some important warning if I
did have such code! ;-)
> >In an ideal world the symlink value could be expressed as a form of
> >extended glob pattern (one that allows "/foo/*" to be differentiated
> >from "/foo/bar/*", though I don't yet have a good idea of what that
> >syntax might be), or perhaps as an ERE.
>
> i don't think getting into a discussion of the range of values for a
> "required" symlink is germane to this discussion.
If you're going to have a symlink then you really do want the ability to
specify its location. If you can specify its location then for things
like /etc/localtime you need the ability to specify a range of
locations. You'd certainly want a warning if suddenly /etc/localtime
was a symlink pointing to /var/tmp, wouldn't you?
> what of tweaking
> the special file and the call to mtree to follow symlinks?
That's a very lame hack. From a system integrity point of view (which
is the entire reason why we run mtree from /etc/security in the first
place), symlinks are first-class citizens and need to be fully accounted
for.
--
Greg A. Woods
+1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
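An added illustration of the "file or symlink, and if a symlink, where it may point" rule discussed in this thread; it is example code, not part of the thread and not mtree's own spec syntax. The function names, the rule shape (a set of allowed types plus a regex for the link target) and the zoneinfo pattern are assumptions; the sample tree is constructed in a temporary directory.

```python
import os
import re
import stat
import tempfile
from typing import FrozenSet, Optional

def ftype(mode: int) -> str:
    """Classify an lstat() mode as 'link', 'file', 'dir' or 'other'."""
    for name, test in (("link", stat.S_ISLNK), ("file", stat.S_ISREG), ("dir", stat.S_ISDIR)):
        if test(mode):
            return name
    return "other"

def check_entry(path: str, types: FrozenSet[str], link_re: Optional[str] = None) -> str:
    """Return 'ok' or a warning. The entry may be any type in `types`; a symlink
    must also have a target matching `link_re` (full match) when one is given.
    lstat() examines the link itself rather than following it, so a symlink
    sitting where a regular file was expected is reported, not silently passed."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return f"{path}: missing"
    kind = ftype(st.st_mode)
    if kind not in types:
        return f"{path}: type ({kind}) expected one of {sorted(types)}"
    if kind == "link" and link_re is not None:
        target = os.readlink(path)
        if not re.fullmatch(link_re, target):
            return f"{path}: link target ({target}) does not match {link_re}"
    return "ok"

# /etc/localtime: a regular file, or a symlink into a zoneinfo tree, absolute
# or via leading ../ components. '[^/]+' keeps a wildcard from spanning a
# slash, which is what distinguishes /foo/* from /foo/bar/*.
LOCALTIME_TYPES = frozenset({"file", "link"})
LOCALTIME_LINK_RE = r"(\.\./)*/?usr/share/zoneinfo(/[^/]+)+"

def demo() -> dict:
    """Check a constructed sample tree (built in a temp dir) against the rule."""
    d = tempfile.mkdtemp()
    open(os.path.join(d, "file"), "w").close()
    os.mkdir(os.path.join(d, "dir"))
    os.symlink("/usr/share/zoneinfo/UTC", os.path.join(d, "abs_link"))
    os.symlink("../usr/share/zoneinfo/America/Toronto", os.path.join(d, "rel_link"))
    os.symlink("/var/tmp", os.path.join(d, "bad_link"))   # the case that should warn
    names = ["file", "dir", "abs_link", "rel_link", "bad_link", "missing"]
    return {n: check_entry(os.path.join(d, n), LOCALTIME_TYPES, LOCALTIME_LINK_RE)
            for n in names}
```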