| From | Greg Troxel <gdt@lexort.com> |
|---|---|
| Newsgroups | muc.lists.netbsd.tech.security |
| Subject | Re: Hard link creation witout write access |
| Date | 2023-09-10 10:36 -0400 |
| Organization | Newsgate at muc.de e.V. |
| Message-ID | <rmimsxum6ww.fsf@s1.lexort.com> (permalink) |
| References | <rmir0n6m8ed.fsf@s1.lexort.com> <20230907112542.4C70560A70@jupiter.mumble.net> |
Greg Troxel <gdt@lexort.com> writes:

>> Apparently we have sysctl knobs
>>
>> security.models.extensions.hardlink_check_uid
>> security.models.extensions.hardlink_check_gid
>>
>> to prohibit this bonkers linking, by prohibiting anyone but the owner
>> (hardlink_check_uid) or members of the group (hardlink_check_gid) from
>> creating hard links. But the knobs are off by default.

Also, why is "check_gid" rational? While posix admits all sorts of
stuff, the issue is semi-obviously "am I allowed to do stuff with this
file" and "is my gid the same" seems unlikely to be right.

So perhaps those should be dropped in favor of hardlink_check_access.

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
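
A user-space model of the three policies named in the message above, added here as an illustration; it is not from the thread and not NetBSD kernel code. `hardlink_check_access` exists only as a proposal in the message, so the model assumes it would mean "the caller has write permission on the target"; the user, ids and modes are constructed.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Cred:
    uid: int
    groups: frozenset

@dataclass(frozen=True)
class Target:
    uid: int
    gid: int
    mode: int  # permission bits only

def may_write(cred, f):
    """Classic owner/group/other write check (no ACLs, no superuser bypass)."""
    if cred.uid == f.uid:
        return bool(f.mode & stat.S_IWUSR)
    if f.gid in cred.groups:
        return bool(f.mode & stat.S_IWGRP)
    return bool(f.mode & stat.S_IWOTH)

def check_uid(cred, f):
    # hardlink_check_uid as described in the thread: only the owner may link.
    return cred.uid == f.uid

def check_gid(cred, f):
    # hardlink_check_gid as described in the thread: group members may link.
    return f.gid in cred.groups

def check_access(cred, f):
    # Hypothetical hardlink_check_access; write access is an assumption.
    return may_write(cred, f)

def compare(cred, targets):
    """Return {name: (uid_ok, gid_ok, access_ok)}, each knob taken alone."""
    return {n: (check_uid(cred, f), check_gid(cred, f), check_access(cred, f))
            for n, f in targets.items()}

# Constructed sample: an unprivileged user and three link targets.
ALICE = Cred(uid=1000, groups=frozenset({100}))
TARGETS = {
    "own_file":      Target(uid=1000, gid=100, mode=0o644),
    "root_private":  Target(uid=0,    gid=100, mode=0o600),  # same gid, no access
    "world_writable": Target(uid=1001, gid=200, mode=0o666),  # access, foreign ids
}

if __name__ == "__main__":
    for name, verdict in compare(ALICE, TARGETS).items():
        print(f"{name:15} uid={verdict[0]!s:5} gid={verdict[1]!s:5} access={verdict[2]}")
```

The `root_private` row is the case the message questions: the gid match passes even though the mode bits grant that group nothing.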