Date: Sat, 6 Jan 2007 08:18:26 -0800 (PST)
From: Jon Passki <cykyc@yahoo.com>
To: Robert Watson <rwatson@FreeBSD.org>, Colin Percival <cperciva@freebsd.org>
Cc: Ceri Davies <ceri@submonkey.net>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: default value of security.bsd.hardlink_check_[ug]id
Message-ID: <77286.26791.qm@web56107.mail.re3.yahoo.com>
In-Reply-To: <20070102230111.M7974@fledge.watson.org>

--- Robert Watson <rwatson@FreeBSD.org> wrote:

>
> On Mon, 1 Jan 2007, Colin Percival wrote:
>
> > Ceri Davies wrote:
> >> On Sat, Dec 30, 2006 at 09:08:42PM -0800, Colin Percival wrote:
> >>> I'd like to make security.bsd.hardlink_check_[ug]id default to 1, starting
> >>> with FreeBSD 7.x. This would make it impossible for a user to create a hard
> >>> link to a file which he does not own.
> >>
> >> a) you have provided no rationale;
> >
> > Allowing users to create hard links to files which they do not own creates
> > problems:
> > 1. If disk quotas are enabled, a user can waste another user's disk quota by
> > making it impossible for said other user to delete files.
> > 2. It becomes difficult to apply security fixes for issues involving setuid
> > binaries, since a local attacker could create hard links to all the setuid
> > binaries (or at least those on filesystems where he can write somewhere) and
> > wait for a security issue to be found.
>
> I find the second argument here most compelling, and use it as an example
> frequently when complaining about hard links. Hard links are also one of the
> elements that makes it difficult to usefully generate names for file system
> objects, due to their introducing ambiguity.

Or this goofy one:
http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/89589

Btw, OpenBSD does not allow this behavior but NetBSD does. At a minimum, if the user cannot even copy a file, he or she ought not to hard link the file. This behaviour, though, was permitted the last time I checked.

Cheers,

Jon
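
Point 2 in the quoted list (extra names for setuid binaries that survive a security fix) can be checked from the administrator's side. The following is an added example, not part of the original message or of FreeBSD: it walks a tree and reports set-id regular files whose inode has more than one name. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
from collections import defaultdict

SET_ID = stat.S_ISUID | stat.S_ISGID

def find_multilinked_setid(root):
    """Map (st_dev, st_ino) -> details for set-id regular files with nlink > 1."""
    found = defaultdict(lambda: {"paths": [], "nlink": 0, "uid": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # removed or unreadable while scanning
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & SET_ID:
                continue
            if st.st_nlink < 2:
                continue  # only one name: nothing to report
            entry = found[(st.st_dev, st.st_ino)]
            entry["paths"].append(path)
            entry["nlink"], entry["uid"] = st.st_nlink, st.st_uid
    return dict(found)

def unseen_links(entry):
    """Number of names the inode has that the scan did not reach."""
    return entry["nlink"] - len(entry["paths"])

def build_constructed_tree(base):
    """Constructed sample: one set-uid file with a second name in stash/."""
    os.makedirs(os.path.join(base, "bin"))
    os.makedirs(os.path.join(base, "stash"))
    tool = os.path.join(base, "bin", "tool")
    with open(tool, "w") as fh:
        fh.write("placeholder\n")  # write first: writing can clear set-id bits
    os.chmod(tool, 0o4755)
    os.link(tool, os.path.join(base, "stash", "kept"))
    plain = os.path.join(base, "bin", "plain")
    open(plain, "w").close()
    os.link(plain, os.path.join(base, "stash", "plain2"))  # not set-id: ignored
    return tool

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        build_constructed_tree(base)
        for key, entry in find_multilinked_setid(base).items():
            print(key, entry["paths"], "unseen:", unseen_links(entry))
```

A nonzero `unseen_links` value means the inode has another name somewhere else on the same filesystem, outside the scanned tree; replacing the file at its known path leaves the old contents reachable through that name.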