From: Terry Lambert
Message-Id: <199710271726.KAA13912@usr01.primenet.com>
Subject: Re: disabled symlinks
To: guido@gvr.org (Guido van Rooij)
Date: Mon, 27 Oct 1997 17:26:08 +0000 (GMT)
Cc: roberto@keltia.freenix.fr, freebsd-fs@FreeBSD.ORG
In-Reply-To: <199710270752.IAA17352@gvr.gvr.org> from "Guido van Rooij" at Oct 27, 97 08:52:41 am

> > > The nosymlink flag does not allow the creation of a symlink
> > > on the mounted file system.
> >
> > Could you please modify your patch not to _follow_ symlinks in order to
> > disallow all symlinks in a given FS?
> >
> > I think that mounting "nosymlinks" should mean "no symlinks whatsoever".
>
> In fact, perhaps this is more what you want than to disallow creation.
> That would also be more in line with nosuid. Creation of these files is okay,
> but the s{u,g}id bits are not honoured.

I disagree. If you disallow creation of links, then the only way
links could exist is if they were put there before the mount option
was specified -- ie: by the system administrator.

In fact, I would prefer he modify the patch to still allow root to
create symlinks. The danger you are escaping is symlinks created by
your users.

Personally, I'd prefer that the security holes be closed instead of
worked around in this manner anyway, but if you are adding an option
as administrative fiat, then it ought to respect the administrator.

As far as "nosuid" goes, I will note that if root runs a program on
a nosuid mounted volume, the program runs as root. And root can also
"suid" to any user id, and run the program, simulating an "suid" event.

So if the intent is to make it act like "nosuid", then it should only
affect creation, and being root should override the option (ie: root
can still create symlinks).

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.