Posted to dev@httpd.apache.org by Cliff Skolnick <cl...@organic.com> on 1995/05/07 02:45:28 UTC

Re: security hole patch

I've seen a lot of people trying to add a bit of security for
both symlinks and the running of CGI scripts.  Each proposal adds
a little security of which few really protect anything from a
malicious user.

For example, follow symlinks only if owner.  People were worried
about someone placing a symlink to /etc/passwd or some other file
you don't want just anyone to see.  What would stop a malicious user
from simply using cp to copy the file and distribute it that way?
Seems like an admin would be fooling themselves to me.  Now a
follow symlink only if owned by root might make sense to me.  I just
don't see why we should trust a user's symlinks any less than we
trust his files.  I forgot who pointed out the fact that ~user expansions
on hosts with an older (the newer automounter uses autofs) required
symlinks be turned on.  Some mechanism to allow the symlinks under
/home, but no others is needed, so maybe this is an ok thing.

I also have seen discussion about CGI security and log files, which
still confuses me a bit.  I still think if you don't trust a user
to be "good", then you should not let them install cgi's.
Nonetheless, closing log files upon exec would be a good thing if
we combined it with a chroot'ed environment for the execution of
a cgi.   So we are half the way to a real solution.  In a "caged"
environment, you may be willing to trust someone you would not
otherwise.

I think at some point when the program is overhauled we can look
at memory allocation.  That is something that will keep biting us
since one gets plugged, and more stack corruption bugs are found.

Cliff
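
The "closing log files upon exec" point from the message above, as an added example that is not part of the original post and not httpd code: a log descriptor left open by the parent is usable by the exec'd CGI unless it is marked close-on-exec. The names set_cloexec, log_fd_reaches_cgi and LOG_FD are hypothetical, /bin/sh stands in for the CGI, a writable /tmp is assumed, and the chroot half of the proposal is not shown.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define LOG_FD 7 /* fixed single-digit fd so the POSIX sh probe can name it */

/* Mark a descriptor close-on-exec; returns 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Exec a stand-in "CGI" (sh) while a log file is open. Returns 1 if the new
 * program can still use the log descriptor, 0 if not, -1 on setup failure. */
int log_fd_reaches_cgi(int protect)
{
    char path[] = "/tmp/cgi_log_demo_XXXXXX"; /* constructed scratch log */
    int status, logfd = mkstemp(path);
    pid_t pid;
    if (logfd == -1)
        return -1;
    unlink(path);
    pid = fork();
    if (pid == 0) {
        /* A dup2'd descriptor starts without FD_CLOEXEC, like a log opened
         * with plain open(); "protect" applies the close-on-exec fix. */
        if (logfd != LOG_FD && (dup2(logfd, LOG_FD) == -1 || close(logfd) == -1))
            _exit(126);
        if (protect && set_cloexec(LOG_FD) == -1)
            _exit(126);
        /* The probe exits 0 only if descriptor 7 is still open after exec. */
        execl("/bin/sh", "sh", "-c", ": 2>/dev/null >&7", (char *)NULL);
        _exit(127);
    }
    close(logfd);
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) >= 126 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("leak without fix: %d, with FD_CLOEXEC: %d\n", log_fd_reaches_cgi(0), log_fd_reaches_cgi(1));
    return 0;
}
```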