From owner-freebsd-security@FreeBSD.ORG Mon Mar 8 02:43:10 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8BD7A16A4CE; Mon, 8 Mar 2004 02:43:10 -0800 (PST) Received: from darkness.comp.waw.pl (unknown [195.117.238.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FF8543D48; Mon, 8 Mar 2004 02:43:09 -0800 (PST) (envelope-from pjd@darkness.comp.waw.pl) Received: by darkness.comp.waw.pl (Postfix, from userid 1009) id E7315AEA50; Mon, 8 Mar 2004 11:43:05 +0100 (CET) Date: Mon, 8 Mar 2004 11:43:05 +0100 From: Pawel Jakub Dawidek To: Tim Robbins Message-ID: <20040308104305.GJ10864@darkness.comp.waw.pl> References: <20040308093642.GI10864@darkness.comp.waw.pl> <20040308102555.GA85110@cat.robbins.dropbear.id.au> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="acY8GN8fvSPNWryy" Content-Disposition: inline In-Reply-To: <20040308102555.GA85110@cat.robbins.dropbear.id.au> User-Agent: Mutt/1.4.2i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 5.2.1-RC2 i386 cc: freebsd-security@freebsd.org Subject: Re: Call for review: restricted hardlinks. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Mar 2004 10:43:10 -0000 --acY8GN8fvSPNWryy Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 08, 2004 at 09:25:55PM +1100, Tim Robbins wrote: +> > It adds two new sysctls: +> >=20 +> > security.bsd.hardlink_check_uid +> > security.bsd.hardlink_check_gid +> >=20 +> > If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged us= ers +> > are not permitted to create hard links to files not owned by them. +> > If sysctl security.bsd.hardlink_check_gid is set to 1, unprivileged us= ers +> > are not permitted to create hard links to files if they are not member +> > of file's group. +> >=20 +> > For now user is able to create hardlinks to any files. +>=20 +> It might be more consistent with other UNIX access checks (e.g. vaccess(= )) +> if having the same uid as the file was sufficient to link to it, +> without having to be a group member. I can't convince myself either way +> on this, but it's worth thinking about. So you need to set security.bsd.hardlink_check_uid and don't touch security.bsd.hardlink_check_gid. +> Also be aware that as a side effect of this patch, old applications that= use +> the unlink()/link()/unlink() sequence instead of the rename() system call +> may not be able to rename files they don't own. Default values for those sysctls is 0, so system behaviour will change only on administrator request. --=20 Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! --acY8GN8fvSPNWryy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFATE45ForvXbEpPzQRAktnAKCozr3T4aVZ/YedQe3eVJLjnLjyBQCeMxXU m6uCZnHVrBYZPWqFpq4V2t8= =P19i -----END PGP SIGNATURE----- --acY8GN8fvSPNWryy--