[patch] rm can have undesired side-effects
Daniel Valencia
fetrovsky at yahoo.com
Sun Nov 5 19:30:33 UTC 2006
Shouldn't it be actually enabled by default?... I think a user should be able to get the insecure behaviour _only_ if he wants to...
- Daniel
----- Original Message ----
From: Joerg Pernfuss <elessar at bsdforen.de>
To: Kostik Belousov <kostikbel at gmail.com>
Cc: freebsd-hackers at freebsd.org
Sent: Saturday, November 4, 2006 10:22:36 PM
Subject: Re: [patch] rm can have undesired side-effects
On Sun, 5 Nov 2006 08:09:23 +0200
Kostik Belousov <kostikbel at gmail.com> wrote:
> On Sun, Nov 05, 2006 at 05:28:32AM +0100, Joerg Pernfuss wrote:
> > And I still have no idea why ln(1) allows links to files the user
> > has no access rights whatsoever, in a directory the owner of the
> > file has no access to in the first place. And what happens when I
> > link the 0600 file state_secret.doc that is owned by someone else,
> > into a directory I own and set SUIDDIR? Will that then be my file
> > and the original owner will be denied access on his link to the
> > file? (yes, kernel support required, I know. But it would be fun.)
> >
> You could use security.bsd.hardlink_check_uid and
> security.bsd.hardlink_check_gid sysctls to control this. By default,
> they are disabled.
Ah, thank you.
Joerg
--
| /"\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a |
| \ / campaign against | 0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 |
| X HTML in email | .the next sentence is true. |
| / \ and news | .the previous sentence was a lie. |
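
Added example, not part of the original thread: a POSIX sh audit that reads a sysctl.conf-style file and reports whether the two knobs named in the reply, security.bsd.hardlink_check_uid and security.bsd.hardlink_check_gid, are set to 1. The function names and the file-path argument are assumptions of this example; the file only shows the boot-time setting, so the live value still has to be read with sysctl(8).

```sh
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the hardlink knobs
# mentioned in the thread. Function names and the path argument are
# assumptions of this example, not FreeBSD tooling.

# Print the last value assigned to knob $1 in file $2 (empty if never set).
knob_value() {
    awk -v knob="$1" '
        { sub(/#.*/, "") }                  # drop full-line and trailing comments
        {
            eq = index($0, "=")
            if (eq == 0) next               # not an assignment
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/[ \t"]/, "", name)        # tolerate spaces and quotes
            gsub(/[ \t"]/, "", val)
            if (name == knob) last = val    # a later assignment overrides
        }
        END { print last }
    ' "$2"
}

# Return 0 only if both knobs are set to 1; print one finding per knob.
audit_hardlink_sysctls() {
    conf="$1"
    rc=0
    for knob in security.bsd.hardlink_check_uid \
                security.bsd.hardlink_check_gid; do
        val=$(knob_value "$knob" "$conf")
        case "$val" in
            1)  echo "OK   $knob=1" ;;
            "") echo "WEAK $knob not set (thread: disabled by default)"; rc=1 ;;
            *)  echo "WEAK $knob=$val"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh audit.sh /etc/sysctl.conf
[ "$#" -eq 0 ] || audit_hardlink_sysctls "$1"
```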