Re: Hard link creation without write access

From Greg Troxel <gdt@lexort.com>
Newsgroups muc.lists.netbsd.tech.security
Subject Re: Hard link creation without write access
Date 2023-09-10 10:36 -0400
Organization Newsgate at muc.de e.V.
Message-ID <rmimsxum6ww.fsf@s1.lexort.com> (permalink)
References <rmir0n6m8ed.fsf@s1.lexort.com> <20230907112542.4C70560A70@jupiter.mumble.net>


Greg Troxel <gdt@lexort.com> writes:

>> Apparently we have sysctl knobs
>>
>> security.models.extensions.hardlink_check_uid
>> security.models.extensions.hardlink_check_gid
>>
>> to prohibit this bonkers linking, by prohibiting anyone but the owner
>> (hardlink_check_uid) or members of the group (hardlink_check_gid) from
>> creating hard links.  But the knobs are off by default.

Also, why is "check_gid" rational?  While POSIX admits all sorts of
stuff, the issue is semi-obviously "am I allowed to do stuff with this
file" and "is my gid the same" seems unlikely to be right.   So perhaps
those should be dropped in favor of hardlink_check_access.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
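
The difference between a group-membership check and an access check, as an added example that is not part of the original post and is not NetBSD kernel code. It models the two knobs as the quoted text describes them; the semantics of the proposed hardlink_check_access (taken here to mean write access for an unprivileged caller) and all sample uids, gids and modes are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Simplified userland model for unprivileged callers; not kernel code. */
struct cred  { uid_t uid; gid_t groups[4]; int ngroups; };
struct fattr { uid_t uid; gid_t gid; mode_t mode; };

static bool in_group(const struct cred *c, gid_t g)
{
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return true;
    return false;
}

/* hardlink_check_uid as described in the thread: only the owner may link. */
bool check_uid(const struct cred *c, const struct fattr *f)
{
    return c->uid == f->uid;
}

/* hardlink_check_gid as described: caller must be in the file's group. */
bool check_gid(const struct cred *c, const struct fattr *f)
{
    return in_group(c, f->gid);
}

/* Proposed hardlink_check_access; assumed here to mean write permission. */
bool check_access(const struct cred *c, const struct fattr *f)
{
    if (c->uid == f->uid)
        return (f->mode & S_IWUSR) != 0;
    if (in_group(c, f->gid))
        return (f->mode & S_IWGRP) != 0;
    return (f->mode & S_IWOTH) != 0;
}

/* Constructed sample data. */
const struct cred  user        = { 1000, { 100 }, 1 };
const struct fattr owner_only  = { 0,    100, 0600 }; /* shared gid, no group access */
const struct fattr world_write = { 1001, 200, 0666 }; /* no shared gid, writable */

int main(void)
{
    printf("owner_only:  uid=%d gid=%d access=%d\n", check_uid(&user, &owner_only),
           check_gid(&user, &owner_only), check_access(&user, &owner_only));
    printf("world_write: uid=%d gid=%d access=%d\n", check_uid(&user, &world_write),
           check_gid(&user, &world_write), check_access(&user, &world_write));
    return 0;
}
```

In this model the gid check permits a link to a mode 0600 file the caller cannot read or write, and refuses one to a file the caller can already modify.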
