| www.delorie.com/gnu/docs/cfengine/cfengine-Tutorial_38.html | search |
 Buy GNU books! | |
| www.delorie.com/gnu/docs/cfengine/cfengine-Tutorial_38.html | search |
|
Buy GNU books! | |
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Recursively descending into directories and performing a globally `destructive' change is an inherently risky thing to do, unless you are certain of the directory structure.
Suppose, for instance, that a user with write access to the filesystem
added a symbolic link to `/etc/passwd', and we were doing a
recursive deletion. Suddlenly, cfengine becomes a destructive
weapon. The default behaviour is that cfengine does not follow symbolic
links in recursive descents, for this reason. The option
travlinks can be set to true, in order to change this. However,
in general, you should never change this option, especially if untrusted
users have access to parts of the filesystem, e.g. if you clear `/tmp'
recursively.
Cfagent checks for link race attacks, in which users try to swap a directory for a link, in between system calls, to trick cfagent into believing that a link is a directory, as of version 2.0.3 (and 1.6.4).
Note that, even if travlinks is set to true, cfagent will not
follow symbolic links that are not owned by the agent user ID; this is
to minimize the possibilty of link race attacks, in which users with
write access could divert the agent to another part of the filesystem.
| webmaster donations bookstore | delorie software privacy |
| Copyright © 2003 by The Free Software Foundation | Updated Jun 2003 |