[patch] rm can have undesired side-effects

Daniel Valencia fetrovsky at yahoo.com
Sun Nov 5 19:30:33 UTC 2006


Shouldn't it be actually enabled by default?... I think a user should be able to get the insecure behaviour _only_ if he wants to...

- Daniel



----- Original Message ----
From: Joerg Pernfuss <elessar at bsdforen.de>
To: Kostik Belousov <kostikbel at gmail.com>
Cc: freebsd-hackers at freebsd.org
Sent: Saturday, November 4, 2006 10:22:36 PM
Subject: Re: [patch] rm can have undesired side-effects


On Sun, 5 Nov 2006 08:09:23 +0200
Kostik Belousov <kostikbel at gmail.com> wrote:

> On Sun, Nov 05, 2006 at 05:28:32AM +0100, Joerg Pernfuss wrote:
> > And I still have no idea why ln(1) allows links to files the user
> > has no access rights whatsoever, in a directory the owner of the
> > file has no access to in the first place. And what happens when I
> > link the 0600 file state_secret.doc that is owned by someone else,
> > into a directory I own and set SUIDDIR? Will that then be my file
> > and the original owner will be denied access on his link to the
> > file? (yes, kernel support required, i know. but it would be fun.)
> > 
> You could use security.bsd.hardlink_check_uid and
> security.bsd.hardlink_check_gid sysctls to control this. By default,
> they are disabled.

Ah, thank you.

    Joerg

-- 
| /"\   ASCII ribbon   |  GnuPG Key ID | e86d b753 3deb e749 6c3a |
| \ / campaign against |    0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 |
|  X    HTML in email  |        .the next sentence is true.       |
| / \     and news     |     .the previous sentence was a lie.    |



More information about the freebsd-hackers mailing list