From owner-freebsd-hackers Mon Apr 8 21:14: 8 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49]) by hub.freebsd.org (Postfix) with ESMTP id 36B1637B405; Mon, 8 Apr 2002 21:14:02 -0700 (PDT) Received: from pool0021.cvx40-bradley.dialup.earthlink.net ([216.244.42.21] helo=mindspring.com) by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16un0k-0003VU-00; Mon, 08 Apr 2002 21:13:38 -0700 Message-ID: <3CB26A58.AD809508@mindspring.com> Date: Mon, 08 Apr 2002 21:13:12 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Dan Nelson Cc: Michael Smith , Doug White , "=?iso-8859-1?Q?Pawe=B3?= Jakub Dawidek" , freebsd-hackers@FreeBSD.ORG Subject: Re: Hardlinks... References: <200204081841.g38Ifi104580@mass.dis.org> <3CB21C40.A62B442@mindspring.com> <20020408232326.GB1749@dan.emsphone.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Dan Nelson wrote: > > I think the problem with someone else making a link to my file and > > keeping it around is an issue of access controls to the file itself, > > and not really a problem: e.g. if you want to avoid it, don't rely on > > obscurity, and don't permit exterior access to the files. > > But the question is "should execute permission on a directory imply > link permission for all files in the directory?" If you can copy it, you should be allowed to link it; if you can't, then you shouldn't. > If so, we'll have to move master.passwd and spwd.db out of etc, then. > Into /etc/shadow/ (chmod 0) maybe? If the user can cd into the > directory the file is in, he can link it elsewhere. You don't even > need read permission on the directory. The ability to link to files you don't have read access to is rather ridiculous. The patch that was proposed, though shot you in the head, even if you do have read access (e.g. as in a "LCK..tty0" file). It's arguable that "/" and "/usr" themselves should be mounted read-only, and that /tmp should be "elsewhere", though, so this could be portrayed as an administrative issue, not a kernel issue. > > I think a patch that disallowed it entirely would break > > /var/spool/lock based locking. 8-(. > > But for UUCP locking, you're linking a tempfile that you just created > to the true lock name. You are linking from a file you own, which > would be allowed even under the strictest lockdown of link. I think > it'd work fine. Think "lock override due to ``kill -0'' giving ESRCH instead of EPERM or success". -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message