Date:      Mon, 8 Mar 2004 11:43:05 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Tim Robbins <tjr@freebsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Call for review: restricted hardlinks.
Message-ID:  <20040308104305.GJ10864@darkness.comp.waw.pl>
In-Reply-To: <20040308102555.GA85110@cat.robbins.dropbear.id.au>
References:  <20040308093642.GI10864@darkness.comp.waw.pl> <20040308102555.GA85110@cat.robbins.dropbear.id.au>

On Mon, Mar 08, 2004 at 09:25:55PM +1100, Tim Robbins wrote:
+> > It adds two new sysctls:
+> >
+> > 	security.bsd.hardlink_check_uid
+> > 	security.bsd.hardlink_check_gid
+> >
+> > If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users
+> > are not permitted to create hard links to files not owned by them.
+> > If sysctl security.bsd.hardlink_check_gid is set to 1, unprivileged users
+> > are not permitted to create hard links to files if they are not members
+> > of the file's group.
+> >
+> > For now a user is able to create hardlinks to any files.
+>
+> It might be more consistent with other UNIX access checks (e.g. vaccess())
+> if having the same uid as the file was sufficient to link to it,
+> without having to be a group member. I can't convince myself either way
+> on this, but it's worth thinking about.

So you need to set security.bsd.hardlink_check_uid and don't touch
security.bsd.hardlink_check_gid.

+> Also be aware that as a side effect of this patch, old applications that use
+> the unlink()/link()/unlink() sequence instead of the rename() system call
+> may not be able to rename files they don't own.

The default value of those sysctls is 0, so system behaviour will change only
on administrator request.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

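The sysctl combinations discussed in this message can be tabulated with a small user-space model of the check. This is an added example, not code from the patch or from FreeBSD; the struct names, the `may_hardlink` helper, the sample uids and gids, and treating uid 0 as "privileged" are assumptions.

```c
/* User-space model of the policy described in the thread; not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct policy { int check_uid, check_gid; };  /* values of the two sysctls */
struct cred   { unsigned uid; const unsigned *groups; size_t ngroups; };
struct fattr  { unsigned uid, gid; };         /* owner and group of link target */

static bool is_member(const struct cred *c, unsigned gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* True if link() to the file is permitted. Assumption: privileged == uid 0. */
bool may_hardlink(const struct policy *p, const struct cred *c,
                  const struct fattr *f)
{
    if (c->uid == 0)
        return true;
    if (p->check_uid && c->uid != f->uid)
        return false;                 /* caller does not own the file */
    if (p->check_gid && !is_member(c, f->gid))
        return false;                 /* caller is not in the file's group */
    return true;
}

/* Constructed sample data: user 1001 belongs to group 1001 only. */
static const unsigned user_groups[] = { 1001 };
const struct cred   user = { 1001, user_groups, 1 }, root = { 0, NULL, 0 };
const struct fattr  own_file  = { 1001, 20 };   /* user's file, foreign group */
const struct fattr  peer_file = { 1002, 1001 }; /* someone else's file */
const struct policy DEFAULTS = { 0, 0 }, UID_ONLY = { 1, 0 },
                    GID_ONLY = { 0, 1 }, BOTH = { 1, 1 };

int main(void)
{
    const struct policy *m[] = { &DEFAULTS, &UID_ONLY, &GID_ONLY, &BOTH };
    puts("check_uid check_gid  own_file  peer_file");
    for (size_t i = 0; i < 4; i++)
        printf("%9d %9d  %8s  %9s\n", m[i]->check_uid, m[i]->check_gid,
               may_hardlink(m[i], &user, &own_file) ? "allow" : "deny",
               may_hardlink(m[i], &user, &peer_file) ? "allow" : "deny");
    return 0;
}
```

The `peer_file` column under `check_uid = 1` is the link() step of the unlink()/link()/unlink() rename sequence failing on a file the caller does not own; the `own_file` column shows why setting only `hardlink_check_uid` lets an owner link without being a group member.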