Zsh doing weird symlinks /pid-*/*

Zsh doing weird symlinks /pid-*/*

[Piotr Karbowski]

Hi,

Recently I put a zsh on a box with grsecurity's RBAC enabled and 
noticed, that zsh trying to create a weird symlink like 
/pid-2031/host-localhost, whats is the reason to do so?

(root:U:/bin/zsh) denied symlink from /pid-2031/host-localhost to 
/root/.zsh_history.LOCK by /bin/zsh[zsh:2031] uid/euid:0/0 gid/egid:0/0, 
parent /usr/sbin/sshd[sshd:2027] uid/euid:0/0 gid/egid:0/0

-- Piotr.

Re: Zsh doing weird symlinks /pid-*/*

[Bart Schaefer]

On Aug 2, 11:12am, Piotr Karbowski wrote:
}
} Recently I put a zsh on a box with grsecurity's RBAC enabled and 
} noticed, that zsh trying to create a weird symlink like 
} /pid-2031/host-localhost, whats is the reason to do so?

It's creating a dummy symlink that points to a non-existent file as
a way to atomically create a synchronization lock file and also store
useful information about which process and host acquired the lock (in
case the filesytem on which the lock is needed is an NFS share).

At the time this was invented, no one considered that there might be a
reason for a security policy to deny a symlink to a file that could
not possibly exist.  (In fact there probably wasn't any security
mechanism for doing so, at that time.)

Is there a target path for such a symlink that will not be denied?
Perhaps prefix the path with "/tmp"?  (Src/hist.c, search for "pidbuf")

Meanwhile this probably needs to be something we test for in configure,
though whether it succeeds may depend on who is running the build ...