From 974784e8b47d693907dda2a43b08b8fcd803ecff Mon Sep 17 00:00:00 2001 From: Guido van Rooij Date: Wed, 29 Sep 1999 21:09:41 +0000 Subject: [PATCH] Do not follow symlinks when binding a unix domain socket. This fixes the ssh 1.2.27 vulnerability as reported in bugtraq. --- sys/kern/uipc_usrreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 66352aa8595..7f9304ab775 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -548,7 +548,7 @@ unp_bind(unp, nam, p) return EINVAL; strncpy(buf, soun->sun_path, namelen); buf[namelen] = 0; /* null-terminate the string */ - NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE, + NDINIT(&nd, CREATE, NOFOLLOW | LOCKPARENT, UIO_SYSSPACE, buf, p); /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */ error = namei(&nd);