|
|
Log in / Subscribe / Register

Local root vulnerability in snap-confine

Local root vulnerability in snap-confine

Posted Feb 18, 2022 8:22 UTC (Fri) by mfuzzey (subscriber, #57966)
In reply to: Local root vulnerability in snap-confine by jra
Parent article: Local root vulnerability in snap-confine

But symlinks are also extremely useful and many things would beak without them (shared library links, /etc/alternatives are the first things that spring to mind).

Removing them in the name of security would be like unplugging the network cable to fix network security issues.

Maybe the API could be improved by phasing out the path based interface over the fd based interface but given the quantity of code using it that would be hard.

I don't think removing features or even *forcing* code changes in the name of security is a good idea. By all means we should provide more secure ways of doing things but security is not the top requirement in all use cases. By "forcing" above I mean things like changing the kernel so the old insecure app wouldn't work anymore (which isn't going to fly with Linus anyway)..

to post comments

Local root vulnerability in snap-confine

Posted Feb 18, 2022 8:50 UTC (Fri) by taladar (subscriber, #68407) [Link]

I don't think forcing code changes should be ruled out as an option but it can only ever be a later step where the first step is to actually provide at least one secure alternative.

Local root vulnerability in snap-confine

Posted Feb 18, 2022 18:21 UTC (Fri) by jra (subscriber, #55261) [Link] (2 responses)

One of the things I'd like to see is wide knowledge and availability of MNT_NOSYMFOLLOW use, and making it available as a normal mount flag.

Then applications can state:

"This application is only known to be secure when used on a filesystem mounted with the MNT_NOSYMFOLLOW option. Use on filesystems allowing symlinks can lead to race conditions and security vulnerabilities."

Let admins know how to protect themselves from this misfeature.

Local root vulnerability in snap-confine

Posted Feb 19, 2022 6:23 UTC (Sat) by intelfx (subscriber, #130118) [Link] (1 responses)

> "This application is only known to be secure when used on a filesystem mounted with the MNT_NOSYMFOLLOW option. Use on filesystems allowing symlinks can lead to race conditions and security vulnerabilities."

I wouldn't use such software.

Local root vulnerability in snap-confine

Posted Feb 19, 2022 23:21 UTC (Sat) by jra (subscriber, #55261) [Link]

If I can get this mount flag to be easily used I will certainly add it to the recommended settings for a Samba server.

I'm sick of symlink insanity.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds