Date: Sun, 5 Nov 2006 08:09:23 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Joerg Pernfuss <elessar@bsdforen.de> Cc: freebsd-hackers@freebsd.org Subject: Re: [patch] rm can have undesired side-effects Message-ID: <20061105060923.GO12108@deviant.kiev.zoral.com.ua> In-Reply-To: <20061105052832.68400a56@loki.starkstrom.lan> References: <20061029222847.GA68272@marvin.astase.com> <20061030003628.42bc5f8d@loki.starkstrom.lan> <00f201c6fbb6$0c6bd150$b3db87d4@multiplay.co.uk> <20061030024358.39a12359@loki.starkstrom.lan> <200611050222.kA52Mdm0011497@apollo.backplane.com> <20061105052832.68400a56@loki.starkstrom.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sr6hGnsCY8KeifOY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Nov 05, 2006 at 05:28:32AM +0100, Joerg Pernfuss wrote: > And I still have no idea why ln(1) allows links to files the user has > no access rights whatsoever, in a directory the owner of the file > has no access to in the first place. And what happens when I link the > 0600 file state_secret.doc that is owned by someone else, into a > directory I own and set SUIDDIR? Will that then be my file and the > original owner will be denied access on his link to the file? > (yes, kernel support required, i know. but it would be fun.) >=20 You could use security.bsd.hardlink_check_uid and security.bsd.hardlink_check_gid sysctls to control this. By default, they are disabled. --Sr6hGnsCY8KeifOY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFTYASC3+MBN1Mb4gRAr7bAKDuMDKVuQjfFzLCdBdwubg7ipWyYgCgkUqu K0gLnkC/3H/bDxjFJJ+exjk= =RgRO -----END PGP SIGNATURE----- --Sr6hGnsCY8KeifOY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061105060923.GO12108>