From owner-freebsd-hackers  Mon Apr  8 12:49:20 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8166837B400; Mon,  8 Apr 2002 12:49:17 -0700 (PDT)
Received: from dan.emsphone.com (smmsp@localhost [127.0.0.1])
	by dan.emsphone.com (8.12.2/8.12.2) with ESMTP id g38JnFmG078215;
	Mon, 8 Apr 2002 14:49:16 -0500 (CDT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.12.2/8.12.2/Submit) id g38JnFLx078214;
	Mon, 8 Apr 2002 14:49:15 -0500 (CDT)
Date: Mon, 8 Apr 2002 14:49:15 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: "Kurt J. Lidl" <lidl@pix.net>
Cc: Michael Smith <msmith@FreeBSD.ORG>,
	Doug White <dwhite@resnet.uoregon.edu>,
	=?cp437?Q?Pawe=B3?= Jakub Dawidek <nick@garage.freebsd.pl>,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: Hardlinks...
Message-ID: <20020408194915.GA1749@dan.emsphone.com>
References: <20020408113423.Y81506-100000@resnet.uoregon.edu> <200204081841.g38Ifi104580@mass.dis.org> <20020408144516.B2035@pix.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020408144516.B2035@pix.net>
User-Agent: Mutt/1.3.28i
X-OS: FreeBSD 5.0-CURRENT
X-message-flag: Outlook Error
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

In the last episode (Apr 08), Kurt J. Lidl said:
> On Mon, Apr 08, 2002 at 11:41:44AM -0700, Michael Smith wrote:
> > You could also use this technique to maliciously exhaust a user's
> > quota, by linking to their temporary files.  I'm not sure what the
> > standards have to say about this, but I don't much like the current
> > behaviour.
> 
> The truely paranoid ftruncate the file size to zero if the link count
> is larger than one.

.. or even if isn't, as someone might link it just before you delete
it.  An attacker can still exhaust your inode quota with 0-length
files.

I wonder if there is any reason to allow arbitrary hardlinking; maybe
only allow linking of files you currently have read access to?  Only
files that you own?  Only allow root to hardlink?  How paranoid do you
want to be?  :)  It could always be another sysctl knob.

-- 
	Dan Nelson
	dnelson@allantgroup.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message