Date:      Sat, 23 Aug 2008 10:15:59 +0200
From:      Ivan Voras <ivoras@freebsd.org>
To:        freebsd-arch@freebsd.org
Subject:   Re: Magic symlinks redux
Message-ID:  <g8oh02$988$1@ger.gmane.org>
In-Reply-To: <20080822161314.GE57443@lor.one-eyed-alien.net>
References:  <g8kv7v$sp2$1@ger.gmane.org>	<20080822150020.GA57443@lor.one-eyed-alien.net>	<9bbcef730808220802pa84b597u457100a23b03a80c@mail.gmail.com>	<20080822153945.GC57443@lor.one-eyed-alien.net>	<9bbcef730808220853q22666b44n5ca2b7add991191f@mail.gmail.com> <20080822161314.GE57443@lor.one-eyed-alien.net>

Brooks Davis wrote:
> On Fri, Aug 22, 2008 at 05:53:58PM +0200, Ivan Voras wrote:

>> Your example with uid is solved just like in userland (though the
>> names are messed up) and reflect getuid() and geteuid().
>
> Small changes to the file system namespace can easily lead to security
> issues when applications assume the namespace is static.  This is
> particularly true for setuid binaries.
>
>> Anyway, if the DFBSD framework is properly implemented, it shouldn't
>> be hard to add these variables. If you don't want to, I volunteer.
>
> I'm not completely opposed to adding a static namespace for system
> wide variables.  I'm not at all keen on the @ruid and @uid variables
> because I think they are risky.  My current feeling is that I'd like to
> move ahead with my current implementation and then either add another
> namespace or add this off to the side mostly as is.

Ok, how about adding another sysctl enabling ruid and uid (perhaps
change their name to uid and euid since NetBSD compatibility isn't
maintained) which will be off by default?

>> (I don't care about the syntax: @{something} vs ${something}, though I
>> think NetBSD made the better choice since these variables are not
>> accessing the process environment).
>
> This is something I've been debating.  I've been leading toward something other
> than ${something}.  Either @{} or %{} or else going all the way to something
> like %%something%%.

Someone mentioned "@" clashes with AFS :(

> I don't like the unanchored components netbsd uses.

They could have a use case - see below:

> One other option we discussed at the devsummit was requiring that the first
> character of a variant symlink be special to reduce parsing overhead.  I.e.
> requiring that variant symlinks start with @ or % or something.

I agree with this - it's elegant on the implementation side and
performance hit would be minimal. I'd also be happy with abandoning the
free form links and mandating that the entire component be one var
symlink (i.e. "/path1/@var/path2" is ok but "/path1/@{path2}.@{path3}"
isn't).

If you'd implement that special starting character, what would the
end result look like? Something like "#path@{var}"? (for various values
of "#")?


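Added example, not part of the original message and not FreeBSD, NetBSD or DragonFly code: a userland C model of two proposals from the message above, namely that a path component is either literal or one whole variable chosen by its first byte, and that the uid variable stays disabled unless a sysctl-like switch is turned on. The `@` marker, the `varsym_*` names, the allowed name characters and the `arch`/`uid` values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VARCHARS "abcdefghijklmnopqrstuvwxyz0123456789_" /* assumed name charset */
int varsym_uid_enabled = 0; /* models the proposed sysctl: uid is off by default */

/* Hypothetical variable table; names and values are constructed for the example. */
static const char *varsym_lookup(const char *n, size_t len)
{
    if (len == 4 && memcmp(n, "arch", 4) == 0)
        return "amd64";
    if (len == 3 && memcmp(n, "uid", 3) == 0 && varsym_uid_enabled)
        return "1001";
    return NULL;
}

/* Expand target into out: 0 on success, -1 if the link is rejected or too long. */
int varsym_expand(const char *target, char *out, size_t outlen)
{
    size_t o = 0;
    for (const char *p = target; *p != '\0'; ) {
        size_t clen = strcspn(p, "/"), sep = (p[clen] == '/'), slen = clen;
        const char *src = p;             /* literal components are copied as-is */
        if (clen > 0 && p[0] == '@') {   /* only the first byte is inspected */
            if (strspn(p + 1, VARCHARS) != clen - 1)
                return -1;               /* free-form mix, e.g. "@{path2}.@{path3}" */
            if ((src = varsym_lookup(p + 1, clen - 1)) == NULL)
                return -1;               /* unknown or disabled variable */
            slen = strlen(src);
        }
        if (o + slen + sep >= outlen)
            return -1;                   /* expansion would not fit with its NUL */
        memcpy(out + o, src, slen);
        o += slen;
        if (sep)
            out[o++] = '/';
        p += clen + sep;
    }
    if (o >= outlen)
        return -1;
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    if (varsym_expand("/path1/@arch/path2", buf, sizeof(buf)) == 0)
        puts(buf);
}
```

Failing closed on an unknown or disabled variable keeps a link that names `@uid` from resolving to a literal directory called `@uid` when the switch is off.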