From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 5 06:10:03 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CAD0116A4A0 for ; Sun, 5 Nov 2006 06:10:03 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from fw.zoral.com.ua (fw.zoral.com.ua [213.186.206.134]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDD1B43DDA for ; Sun, 5 Nov 2006 06:09:29 +0000 (GMT) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148]) by fw.zoral.com.ua (8.13.4/8.13.4) with ESMTP id kA569N5V005974 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 5 Nov 2006 08:09:23 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.13.8/8.13.8) with ESMTP id kA569NP0016945; Sun, 5 Nov 2006 08:09:23 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.13.8/8.13.8/Submit) id kA569N5n016944; Sun, 5 Nov 2006 08:09:23 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Sun, 5 Nov 2006 08:09:23 +0200 From: Kostik Belousov To: Joerg Pernfuss Message-ID: <20061105060923.GO12108@deviant.kiev.zoral.com.ua> References: <20061029222847.GA68272@marvin.astase.com> <20061030003628.42bc5f8d@loki.starkstrom.lan> <00f201c6fbb6$0c6bd150$b3db87d4@multiplay.co.uk> <20061030024358.39a12359@loki.starkstrom.lan> <200611050222.kA52Mdm0011497@apollo.backplane.com> <20061105052832.68400a56@loki.starkstrom.lan> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Sr6hGnsCY8KeifOY" Content-Disposition: inline In-Reply-To: <20061105052832.68400a56@loki.starkstrom.lan> User-Agent: Mutt/1.4.2.2i X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on fw.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=1.4 required=5.0 tests=SPF_NEUTRAL, UNPARSEABLE_RELAY autolearn=no version=3.1.4 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on fw.zoral.com.ua Cc: freebsd-hackers@freebsd.org Subject: Re: [patch] rm can have undesired side-effects X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2006 06:10:03 -0000 --Sr6hGnsCY8KeifOY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Nov 05, 2006 at 05:28:32AM +0100, Joerg Pernfuss wrote: > And I still have no idea why ln(1) allows links to files the user has > no access rights whatsoever, in a directory the owner of the file > has no access to in the first place. And what happens when I link the > 0600 file state_secret.doc that is owned by someone else, into a > directory I own and set SUIDDIR? Will that then be my file and the > original owner will be denied access on his link to the file? > (yes, kernel support required, i know. but it would be fun.) >=20 You could use security.bsd.hardlink_check_uid and security.bsd.hardlink_check_gid sysctls to control this. By default, they are disabled. --Sr6hGnsCY8KeifOY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFTYASC3+MBN1Mb4gRAr7bAKDuMDKVuQjfFzLCdBdwubg7ipWyYgCgkUqu K0gLnkC/3H/bDxjFJJ+exjk= =RgRO -----END PGP SIGNATURE----- --Sr6hGnsCY8KeifOY--