Date:      Sun, 14 Mar 1999 12:24:43 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ACL's
Message-ID:  <Pine.BSF.3.96.990314121837.5121C-100000@fledge.watson.org>
In-Reply-To: <99Mar14.195521est.40346@border.alcanet.com.au>

On Sun, 14 Mar 1999, Peter Jeremy wrote:

> Robert Watson <robert@cyrus.watson.org> wrote:
> 
> >I.e., user creates a hard link to /usr/sbin/somesetuidbin to
> >/usr/tmp/mytemp.
> 
> Normal users shouldn't have write permission anywhere on a partition
> containing system binaries - this also removes the problem.  (Note
> that /usr/tmp is accessible only by root under FreeBSD).

But many common FS arrangements do use the same partition for a
world-writable directory and the binaries.  For example:

/var on /usr/var (/var has /var/tmp)
/usr/local/ on /usr (The tex port requires a world-writable temp
                     directory)
/tmp on / (/sbin is usually on /; default install I believe)
/home on /usr/home (default install I believe)

I like the idea of the FS namespace having consistent
semantics--counter-intuitive security behavior like "the system is
relatively secure as long as you don't partition the system in any way
that allows these files to be on the same partition as these files..."
seems best to be avoided.

I think hard links are neat, et al, but I really don't think they add any
new useful functionality above symlinks, and they can certainly introduce
new problems.  They save a little disk space here and there (as long as
you don't recursively move anything)...

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/
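
An audit for the arrangement discussed in this message, as an added example that is not part of the original e-mail: because a hard link can only be made within one filesystem, it groups by device number, listing filesystems that hold both set-id files and world-writable directories, and set-id inodes that already have more than one name. The function names `scan` and `report` are chosen for this example.

```python
import os
import stat
import sys
from collections import defaultdict

SETID = stat.S_ISUID | stat.S_ISGID  # set-user-ID or set-group-ID bit

# scan() and report() are names chosen for this example.
def scan(roots):
    """Map st_dev -> set-id regular files and st_dev -> world-writable dirs."""
    setid, writable = defaultdict(list), defaultdict(list)
    for root in roots:
        # os.walk does not descend into symlinked directories by default.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            try:
                st = os.lstat(dirpath)
            except OSError:
                continue
            if st.st_mode & stat.S_IWOTH:
                writable[st.st_dev].append(dirpath)
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if stat.S_ISREG(st.st_mode) and st.st_mode & SETID:
                    setid[st.st_dev].append((path, st.st_ino, st.st_nlink))
    return setid, writable

def report(setid, writable):
    """Return (shared, extra): devices holding both kinds of entry, and
    set-id inodes with a link count above 1 mapped to the names found."""
    shared = sorted(set(setid) & set(writable))
    extra = defaultdict(list)
    for dev, entries in setid.items():
        for path, ino, nlink in entries:
            if nlink > 1:
                extra[(dev, ino)].append(path)
    return shared, dict(extra)

if __name__ == "__main__":
    setid, writable = scan(sys.argv[1:] or ["/"])
    shared, extra = report(setid, writable)
    for dev in shared:
        print(f"dev {dev}: {len(setid[dev])} set-id files share a filesystem "
              f"with world-writable {writable[dev][:3]}")
    for (dev, ino), names in extra.items():
        print(f"dev {dev} inode {ino}: set-id file has several links, seen as {names}")
```

Run it as root so unreadable directories are not silently skipped; a set-id inode reported with only one name means its other links lie outside the scanned roots.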


