From: Deomid Ryabkov
Date: Tue, 19 Sep 2006 22:00:07 -0700
To: freebsd-hackers@freebsd.org
Subject: Re: Symlinks on read-only FS
Message-ID: <4510CAD7.5080001@rojer.pp.ru>
In-Reply-To: <10609200356.AA21953@pluto.rain.com>
References: <10609200101.AA21405@pluto.rain.com> <4510AF6D.2060809@rojer.pp.ru> <10609200356.AA21953@pluto.rain.com>
List-Id: Technical Discussions relating to FreeBSD

Perry Hutchison wrote:
> So the sort of write access being validated here would be writing to
> the symlink itself (i.e. the definition)?

symlinks are dereferenced during name lookup and are not affected by the write mount options of the filesystems they reside on. you can open a file for write by accessing a symlink pointing to it, even though the symlink itself may reside on a read-only filesystem.

and you can disregard what i said in my previous post: there's no interface to change the symlink after it was created.

actually, i'm not sure there is a real-world case in which this code would be invoked with VLNK. checking write permissions on a symlink? access(2)/eaccess(2) dereference symlinks. but if, for whatever reason, someone calls VOP_ACCESS on a read-only UFS filesystem, checking if writing to symlink itself is ok, it will be denied. which makes sense.

-- 
Deomid Ryabkov aka Rojer
myself@rojer.pp.ru
rojer@sysadmins.ru
ICQ: 8025844
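
The dereferencing behaviour described in the message above, as an added example that is not part of the original post: a write opened through a symlink lands in the target, access(2) answers for the target rather than the link, and lstat(2) and O_NOFOLLOW are the calls that act on the link itself. It assumes a writable /tmp and uses a constructed scratch directory; it does not mount a read-only filesystem, and the function name and paths are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, lstat, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if every observation holds, the failing step number otherwise,
 * or -1 if the scratch files could not be set up. */
int symlink_deref_demo(void)
{
    char dir[] = "/tmp/symdemoXXXXXX";   /* constructed scratch directory */
    char target[64], lnk[64];
    struct stat st;
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if ((fd = open(target, O_CREAT | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    if (symlink(target, lnk) != 0) return -1;

    /* 1. open(2) for write on the link resolves to the target during lookup */
    fd = open(lnk, O_WRONLY);
    if (fd < 0 || write(fd, "x", 1) != 1) rc = 1;
    if (fd >= 0) close(fd);
    if (!rc && (stat(target, &st) != 0 || st.st_size != 1)) rc = 1;
    /* 2. lstat(2) reports the link object itself, not the file behind it */
    if (!rc && (lstat(lnk, &st) != 0 || !S_ISLNK(st.st_mode))) rc = 2;
    /* 3. O_NOFOLLOW makes open(2) refuse a symlink as the final component
     *    (ELOOP on Linux, EMLINK on FreeBSD) */
    if (!rc) {
        fd = open(lnk, O_WRONLY | O_NOFOLLOW);
        if (fd >= 0) { close(fd); rc = 3; }
        else if (errno != ELOOP && errno != EMLINK) rc = 3;
    }
    /* 4. access(2) dereferences: once the target is gone it fails with
     *    ENOENT, although lstat(2) still finds the link */
    unlink(target);
    if (!rc && !(access(lnk, F_OK) == -1 && errno == ENOENT)) rc = 4;
    if (!rc && lstat(lnk, &st) != 0) rc = 4;
    unlink(lnk);
    rmdir(dir);
    return rc;
}

int main(void) { int rc = symlink_deref_demo(); printf("result: %d\n", rc); return rc != 0; }
```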