Date:      Sun, 14 Mar 1999 13:15:47 -0600
From:      Jon Hamilton <hamilton@pobox.com>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>, freebsd-security@FreeBSD.ORG
Subject:   Re: ACL's 
Message-ID:  <19990314191547.804833F@woodstock>
In-Reply-To: Your message of "Sun, 14 Mar 1999 12:24:43 EST." <Pine.BSF.3.96.990314121837.5121C-100000@fledge.watson.org> 


In message <Pine.BSF.3.96.990314121837.5121C-100000@fledge.watson.org>, Robert 
Watson wrote:
} On Sun, 14 Mar 1999, Peter Jeremy wrote:
} 
} > Robert Watson <robert@cyrus.watson.org> wrote:
} > 
} > >I.e., user creates a hard link to /usr/sbin/somesetuidbin to
} > >/usr/tmp/mytemp.
} > 
} > Normal users shouldn't have write permission anywhere on a partition
} > containing system binaries - this also removes the problem.  (Note
} > that /usr/tmp is accessible only by root under FreeBSD).
} 
} But many common FS arrangements do use the same partition for a
} world-writable directory and the binaries.  For example:
} 
} /var on /usr/var (/var has /var/tmp)
} /usr/local/ on /usr (The tex port requires a world-writable temp
}                      directory)
} /tmp on / (/sbin is usually on /; default install I believe)
} /home on /usr/home (default install I believe)
} 
} I like the idea of the FS namespace having consistent
} semantics--counter-intuitive security behavior like "the system is
} relatively secure as long as you don't partition the system in any way
} that allows these files to be on the same partition as these files..."
} seems best to be avoided.
} 
} I think hard links are neat, et al, but I really don't think they add any
} new useful functionality above symlinks, and they can certainly introduce
} new problems.  They save a little disk space here and there (as long as
} you don't recursive move anything)...

Symbolic links are a nightmare if you move things around.  They also
won't work across chroot boundaries, and can cause problems across NFS
particularly in environments using the automounter -- if you use 
absolute symbolic links (i.e. ones which go through /) you get a surprise
when someone on a remote workstation tries to use them and they try to
reference / on the _remote_ machine.  Use relative symbolic links and
you may get surprises too.

-- 
   Jon Hamilton  
   hamilton@pobox.com
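
The hard-link concern discussed in this thread can be checked on a given host. The following is an added example, not part of the original message or of FreeBSD: it lists set-uid/set-gid files, their hard-link counts, and whether a world-writable directory sits on the same filesystem. The function names `audit` and `build_demo_tree` and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit(roots):
    """Return one finding per set-id inode found under roots."""
    setid = {}    # (st_dev, st_ino) -> {"paths": [...], "nlink": n}
    ww_dirs = {}  # st_dev -> first world-writable directory seen on it
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            dst = os.stat(dirpath)
            if dst.st_mode & stat.S_IWOTH:
                ww_dirs.setdefault(dst.st_dev, dirpath)
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # vanished or unreadable; skip
                if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    rec = setid.setdefault((st.st_dev, st.st_ino),
                                           {"paths": [], "nlink": st.st_nlink})
                    rec["paths"].append(path)
    return [{"paths": sorted(rec["paths"]),
             "nlink": rec["nlink"],
             # links to this inode that live outside the scanned roots
             "unseen_links": rec["nlink"] - len(rec["paths"]),
             "world_writable_dir_on_same_fs": ww_dirs.get(dev)}
            for (dev, _ino), rec in sorted(setid.items())]


def build_demo_tree(base):
    """Constructed sample: a set-uid file plus a hard link in a 1777 dir."""
    sbin, tmp = os.path.join(base, "sbin"), os.path.join(base, "tmp")
    os.mkdir(sbin)
    os.mkdir(tmp)
    os.chmod(tmp, 0o1777)
    target = os.path.join(sbin, "somesetuidbin")
    open(target, "w").close()
    os.chmod(target, 0o4755)
    os.link(target, os.path.join(tmp, "mytemp"))
    return [sbin, tmp]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for finding in audit(build_demo_tree(base)):
            print(finding)
```

To check a real system, call `audit()` with the directories of interest; a non-zero `unseen_links` means the inode has names outside the scanned roots.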


