From owner-freebsd-security Sun Mar 14 9:25:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id 3521915428 for ; Sun, 14 Mar 1999 09:25:05 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id MAA05307; Sun, 14 Mar 1999 12:24:43 -0500 (EST) (envelope-from robert@cyrus.watson.org)
Date: Sun, 14 Mar 1999 12:24:43 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Peter Jeremy
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ACL's
In-Reply-To: <99Mar14.195521est.40346@border.alcanet.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 14 Mar 1999, Peter Jeremy wrote:

> Robert Watson wrote:
>
> >I.e., user creates a hard link to /usr/sbin/somesetuidbin to
> >/usr/tmp/mytemp.
>
> Normal users shouldn't have write permission anywhere on a partition
> containing system binaries - this also removes the problem. (Note
> that /usr/tmp is accessible only by root under FreeBSD).

But many common FS arrangements do use the same partition for a
world-writable directory and the binaries. For example:

/var on /usr/var (/var has /var/tmp)
/usr/local/ on /usr (The tex port requires a world-writable temp directory)
/tmp on / (/sbin is usually on /; default install I believe)
/home on /usr/home (default install I believe)

I like the idea of the FS namespace having consistent semantics--counter-intuitive
security behavior like "the system is relatively secure as long as you don't
partition the system in any way that allows these files to be on the same
partition as these files..." seems best to be avoided.
I think hard links are neat, et al, but I really don't think they add any new
useful functionality above symlinks, and they can certainly introduce new
problems. They save a little disk space here and there (as long as you don't
recursively move anything)...

Robert N Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/
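The partition-layout rule debated above is easy to state and hard to verify by eye, so here is an added audit script (not part of the thread, and not FreeBSD code) that makes the check mechanical. Hard links cannot cross filesystems, so the condition that matters is exactly "a world-writable directory shares an st_dev with a setuid binary". The script groups lstat() results by device and reports, for every world-writable directory, which setuid binaries live on the same filesystem; it also flags setuid files that already carry more than one name, and setuid files outside a caller-supplied list of trusted binary directories. The `SAMPLE_RECORDS` table is a constructed stand-in for the layout in the mail (root on one device, /usr together with /var and /usr/local on a second, a scratch partition on a third) so the example runs offline; the `FileRecord` type, the function names and the trusted-prefix list are assumptions of this example, not anything from the original message.

```python
"""Audit whether world-writable directories share a filesystem with setuid
binaries. Added example for the layout problem discussed above; not code
from the original message or from FreeBSD."""
import os
import stat
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence


@dataclass(frozen=True)
class FileRecord:
    """The subset of lstat() output the audit needs (hypothetical helper type)."""
    path: str
    dev: int    # st_dev: identifies the filesystem holding the inode
    mode: int   # st_mode: file type plus permission bits
    nlink: int  # st_nlink: number of names (hard links) the inode has


def collect(roots: Iterable[str]) -> List[FileRecord]:
    """Walk the given trees with lstat() (symlinks are not followed)."""
    records: List[FileRecord] = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for full in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
                try:
                    st = os.lstat(full)
                except OSError:
                    continue  # entry vanished or is unreadable; skip it
                records.append(FileRecord(full, st.st_dev, st.st_mode, st.st_nlink))
    return records


def is_setuid_binary(r: FileRecord) -> bool:
    return stat.S_ISREG(r.mode) and bool(r.mode & (stat.S_ISUID | stat.S_ISGID))


def is_world_writable_dir(r: FileRecord) -> bool:
    # The sticky bit (S_ISVTX) does not help here: it restricts unlink/rename of
    # other users' entries, but creating a new name in the directory is allowed.
    return stat.S_ISDIR(r.mode) and bool(r.mode & stat.S_IWOTH)


def shared_filesystem_risks(records: Iterable[FileRecord]) -> Dict[str, List[str]]:
    """Map each world-writable directory to the setuid binaries on its filesystem.

    An empty list means the directory sits on a partition holding no setuid
    binaries, which is the arrangement the quoted rule requires."""
    records = list(records)
    setuid_by_dev: Dict[int, List[str]] = {}
    for r in records:
        if is_setuid_binary(r):
            setuid_by_dev.setdefault(r.dev, []).append(r.path)
    return {r.path: sorted(setuid_by_dev.get(r.dev, []))
            for r in records if is_world_writable_dir(r)}


def multiply_linked_setuid(records: Iterable[FileRecord]) -> List[str]:
    """Setuid files reachable under more than one name. While the extra name
    exists, both names report the same inode and a link count above one."""
    return sorted(r.path for r in records if is_setuid_binary(r) and r.nlink > 1)


def setuid_outside(records: Iterable[FileRecord], trusted: Sequence[str]) -> List[str]:
    """Setuid files not under any trusted binary directory. This is what an
    extra name for a setuid inode looks like once the canonical copy has been
    replaced and its own link count has dropped back to one."""
    prefixes = tuple(p.rstrip("/") + "/" for p in trusted)
    return sorted(r.path for r in records
                  if is_setuid_binary(r) and not r.path.startswith(prefixes))


# Constructed sample mirroring the layout in the mail (not a real system):
# st_dev 1 is /, st_dev 2 is /usr (also holding /var and /usr/local),
# st_dev 3 is a separate scratch partition with no setuid binaries.
REG, DIR = stat.S_IFREG, stat.S_IFDIR
SAMPLE_RECORDS = [
    FileRecord("/sbin/ping", 1, REG | stat.S_ISUID | 0o555, 1),
    FileRecord("/tmp", 1, DIR | stat.S_ISVTX | 0o777, 2),
    FileRecord("/usr/bin/su", 2, REG | stat.S_ISUID | 0o555, 2),
    FileRecord("/usr/local/tex/tmp", 2, DIR | 0o777, 2),
    FileRecord("/var/tmp", 2, DIR | stat.S_ISVTX | 0o777, 2),
    FileRecord("/var/tmp/mytemp", 2, REG | stat.S_ISUID | 0o555, 2),  # second name for su's inode
    FileRecord("/scratch/shared", 3, DIR | stat.S_ISVTX | 0o777, 2),
    FileRecord("/scratch/shared/notes.txt", 3, REG | 0o644, 1),
]
TRUSTED_BIN_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")  # assumed policy


if __name__ == "__main__":
    import sys
    recs = collect(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_RECORDS
    for d, bins in shared_filesystem_risks(recs).items():
        print(f"{d}: " + (", ".join(bins) if bins else "no setuid binaries on this filesystem"))
    print("setuid with >1 link:", multiply_linked_setuid(recs))
    print("setuid outside trusted dirs:", setuid_outside(recs, TRUSTED_BIN_DIRS))
```

Run with no arguments it reports on the constructed layout; given one or more directories it walks the live system instead (run it as a user who can stat the trees you care about). The trusted-prefix list is local policy and has to match the installation. The nlink check only fires while both names exist, so on a system where `/var/tmp/mytemp` outlives a reinstall of `su` it is the `setuid_outside` report, not the link count, that shows the stale copy; the two reports are complementary. Modern kernels also offer a knob that narrows the original scenario: FreeBSD's `security.bsd.hardlink_check_uid` and Linux's `fs.protected_hardlinks` sysctls refuse hard links to files the caller does not own, which neither side of the 1999 exchange had available.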