| From | Jan Schaumann <jschauma@netmeister.org> |
|---|---|
| Newsgroups | muc.lists.netbsd.tech.security |
| Subject | Re: Hard link creation witout write access |
| Date | 2023-09-07 09:47 -0400 |
| Organization | Newsgate at muc.de e.V. |
| Message-ID | <ZPnUYUJ4Ume22IF2@netmeister.org> |
| References | <20230907112542.4C70560A70@jupiter.mumble.net> |
Taylor R Campbell <riastradh@NetBSD.org> wrote:
> Today I learned that you can create hard links to a file you don't own
> and can't write to or even read from:
>
>     $ su -l root -c 'touch /tmp/foo && chmod 600 /tmp/foo'
>     $ ln /tmp/foo /tmp/bar
>
> This strikes me as bonkers and a likely source of security issues.
[...]
> Apparently we have sysctl knobs
>
>     security.models.extensions.hardlink_check_uid
>     security.models.extensions.hardlink_check_gid
>

Just cross-referencing the earlier discussion from last year that led to the
addition of the sysctls:
https://mail-index.netbsd.org/tech-security/2022/03/25/msg001108.html

(This was referenced in the tech-kern@ version of this thread
https://mail-index.netbsd.org/tech-kern/2023/09/07/msg029117.html; linking
that here explicitly as well to make it easier for people going through the
archives.)

-Jan
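A defender's audit for the situation quoted in this thread, added here as an example and not part of the original post or of NetBSD: the quoted `ln` leaves a file with a link count above one whose owner is not the account that made the link, so the sketch below walks a shared tree and reports such files. The names `audit_hardlinks`, `demo`, `expected_uid`, `links_elsewhere` and `foreign_owner` are hypothetical, and the sample tree is constructed.

```python
import os
import stat
import tempfile

def audit_hardlinks(root, expected_uid=None):
    """Report regular files under root that have more than one name (st_nlink > 1)."""
    by_inode = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue                     # raced with unlink, or unreadable
            if not stat.S_ISREG(st.st_mode) or st.st_nlink < 2:
                continue
            rec = by_inode.setdefault((st.st_dev, st.st_ino), {
                "uid": st.st_uid,
                "mode": stat.S_IMODE(st.st_mode),
                "nlink": st.st_nlink,
                "paths": [],
            })
            rec["paths"].append(path)
    findings = []
    for rec in by_inode.values():
        rec["paths"].sort()
        # Names for this inode that live outside the scanned tree.
        rec["links_elsewhere"] = rec["nlink"] - len(rec["paths"])
        # Owner differs from the account expected to own everything here.
        rec["foreign_owner"] = expected_uid is not None and rec["uid"] != expected_uid
        findings.append(rec)
    return sorted(findings, key=lambda r: r["paths"][0])

def demo():
    """Constructed tree: spool/foo (mode 600) with a second name tmp/bar."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "spool"))
    os.mkdir(os.path.join(base, "tmp"))
    foo = os.path.join(base, "spool", "foo")
    with open(foo, "w"):
        pass
    os.chmod(foo, 0o600)
    os.link(foo, os.path.join(base, "tmp", "bar"))
    return base

if __name__ == "__main__":
    base = demo()
    for rec in audit_hardlinks(os.path.join(base, "tmp"), expected_uid=os.geteuid()):
        print(rec)
```

A positive `links_elsewhere` means the inode has names outside the scanned directory, which is what a scan of `/tmp` alone would show for the `/tmp/bar` case if the original file lived elsewhere.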