Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Sep 2013 20:09:04 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Oleg Ginzburg <olevole@olevole.ru>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: linkat(2) Operation not permitted
Message-ID:  <20130917180904.GA1406@garage.freebsd.pl>
In-Reply-To: <2628598.ea1ZiWMKQv@home.my.domain>
References:  <2628598.ea1ZiWMKQv@home.my.domain>
next in thread | previous in thread | raw e-mail | index | archive | help 

--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Sep 15, 2013 at 04:21:04PM -0700, Oleg Ginzburg wrote:
> Hi
>=20
> For some reason, creating hardlink within one UFS is failed for /usr/bin/=
chfn=20
> with "operation not permitted" messages (other file is ok)

This is because this file has 'schg' flag set. See:

	# ls -lo /usr/bin/chfn

So this is difference in handling the 'schg' flag by UFS and ZFS.

I think I like UFS behaviour better. If regular user has write access to
some directory, which is part of the same file system as the set-uid
binary, then he can create hardlink to set-uid file and wait for a
security to be found in this set-uid file. For example if /tmp/ and
/usr/bin/ is on a single file system, I could create hardlink to chfn
and other set-uid-root binaries and once security hole is found and even
if system is updated, I still has access to the old set-uid-root binary
to exploit.

My suggestion would be to change ZFS behaviour to not allow hardlinks if
the 'schg' flag is set. Something like this (not even compile-tested):

	http://people.freebsd.org/~pjd/patches/zfs_vnops.c.8.patch

--=20
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://mobter.com

--X1bOJ3K7DJ5YkBrT
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (FreeBSD)

iEYEARECAAYFAlI4msAACgkQForvXbEpPzTJCACg0Zdh3xLJKurYIbEg/X/fpmjD
aCMAn0TG0dez6QSQQ2I9lif/4vy5J7Pz
=Kwfr
-----END PGP SIGNATURE-----

--X1bOJ3K7DJ5YkBrT--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130917180904.GA1406>