From owner-freebsd-security Sun Mar 14 13:36:18 1999
Delivered-To: freebsd-security@freebsd.org
Received: from puck.nether.net (puck.nether.net [204.42.254.5]) by hub.freebsd.org (Postfix) with ESMTP id 40AAD15208 for ; Sun, 14 Mar 1999 13:36:05 -0800 (PST) (envelope-from jared@puck.nether.net)
Received: (from jared@localhost) by puck.nether.net (8.9.3/8.7.3) id QAA23041; Sun, 14 Mar 1999 16:35:50 -0500 (envelope-from jared)
Date: Sun, 14 Mar 1999 16:35:50 -0500
From: Jared Mauch
To: Wilfredo Sanchez
Cc: Robert Watson , Thomas Valentino Crimi , freebsd-security@FreeBSD.ORG
Subject: Re: ACL's
Message-ID: <19990314163550.C20987@puck.nether.net>
Mail-Followup-To: Wilfredo Sanchez , Robert Watson , Thomas Valentino Crimi , freebsd-security@FreeBSD.ORG
References: <199903142128.NAA10220@scv2.apple.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <199903142128.NAA10220@scv2.apple.com>; from Wilfredo Sanchez on Sun, Mar 14, 1999 at 01:28:52PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Mar 14, 1999 at 01:28:52PM -0800, Wilfredo Sanchez wrote:
> | BTW, I'd really like to get rid of hard links -- they allow users to
> | retain copies of setuid files after the owner thinks they are deleted.
> | I.e., user creates a hard link to /usr/sbin/somesetuidbin to
> | /usr/tmp/mytemp. Now the admin upgrades the machine, thinking they have
> | removed the risk of the now known buggy somesetuidbin.
>
> Is there any reason (other than "it always has been so") why users
> should be allowed to create hard links to files they don't own?

I personally can't think of one.

What would be interesting would be to see a kernel option for it, have some folks test it, and see what might break from this going on.

- Jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
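An audit for the situation discussed in this thread, as an added example that is not part of the original message or of FreeBSD: it lists set-id files that have more than one hard link, and replays the quoted scenario to show that the link count falls back to 1 once the original name is removed, so the check has to run before the upgrade deletes the binary. The function names `audit` and `demo` are hypothetical, and the tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile
from collections import defaultdict

SETID = stat.S_ISUID | stat.S_ISGID

def audit(root):
    """Return one record per set-id inode under root that has more than one hard link."""
    seen = defaultdict(list)          # (device, inode) -> paths found under root
    nlink = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue              # vanished or unreadable; skip
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID and st.st_nlink > 1:
                key = (st.st_dev, st.st_ino)
                seen[key].append(path)
                nlink[key] = st.st_nlink
    # "unseen" counts links that exist outside the scanned tree
    return [{"paths": sorted(p), "nlink": nlink[k], "unseen": nlink[k] - len(p)}
            for k, p in sorted(seen.items())]

def demo():
    """Replay the scenario from the message in a constructed temporary tree."""
    with tempfile.TemporaryDirectory() as root:
        sbin, tmp = os.path.join(root, "sbin"), os.path.join(root, "tmp")
        os.mkdir(sbin)
        os.mkdir(tmp)
        target = os.path.join(sbin, "somesetuidbin")
        stale = os.path.join(tmp, "mytemp")
        with open(target, "w") as f:
            f.write("old build\n")
        os.chmod(target, 0o4755)      # set-uid bit on a file we own
        os.link(target, stale)        # the user's extra hard link
        before = audit(root)
        os.unlink(target)             # the upgrade "removes" the binary
        survives = bool(os.lstat(stale).st_mode & stat.S_ISUID)
        after = audit(root)           # link count is back to 1, so nothing is flagged
        return before, survives, after

if __name__ == "__main__":
    print(demo())
```

A nonzero `unseen` value means some of the inode's links live outside the scanned tree, so the scan root should cover the whole filesystem the binary is on.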