Re: Hard link creation without write access

From Greg Troxel <gdt@lexort.com>
Newsgroups muc.lists.netbsd.tech.security
Subject Re: Hard link creation without write access
Date 2023-09-10 10:04 -0400
Organization Newsgate at muc.de e.V.
Message-ID <rmir0n6m8ed.fsf@s1.lexort.com> (permalink)
References <20230907112542.4C70560A70@jupiter.mumble.net>


Taylor R Campbell <riastradh@NetBSD.org> writes:

>> The implementation may require that the calling process has
>> permission to access the existing file.
>>
>> https://pubs.opengroup.org/onlinepubs/9699919799/functions/link.html
>
> So this behaviour is allowed by POSIX but it would also be allowed to
> make this fail with EACCES.  Unclear whether POSIX means ownership,
> group membership, write access, or read access, but unless a POSIX
> language lawyer can cite chapter & verse for the specific definition
> of `has permission to access', I think this means the implementation
> is allowed to apply any of those access rules?
>
> Apparently we have sysctl knobs
>
> security.models.extensions.hardlink_check_uid
> security.models.extensions.hardlink_check_gid
>
> to prohibit this bonkers linking, by prohibiting anyone but the owner
> (hardlink_check_uid) or members of the group (hardlink_check_gid) from
> creating hard links.  But the knobs are off by default.

How about we add

  security.models.extensions.hardlink_require_access

and define as (uid match || writable), default off for now, and all the
people that want this change can enable it on all their production
systems, and if there is no trouble we can just default it to on.  I
would rather do that more slowly than accumulate crud in sysctl.conf.

Or perhaps have people just check_uid and then turn that on by default
and call "owns" as good enough for "access".

I do not expect much to break.  But I am always surprised.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
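
The policies discussed in this message, modeled as an added example (not NetBSD kernel code and not written by anyone in the thread): the two existing knobs as the quoted text describes them, plus the proposed (uid match || writable) rule. The struct and function names are hypothetical, and "writable" is assumed to mean the classic owner/group/other mode bits, ignoring the superuser, ACLs and read-only mounts.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed model of the caller and the existing file (not kernel types). */
struct caller { uid_t uid; const gid_t *groups; size_t ngroups; };
struct target { uid_t uid; gid_t gid; mode_t mode; };

/* check_uid and check_gid are named in the thread; require_access is the
 * proposal from this message and is only a proposal. */
struct knobs { bool check_uid, check_gid, require_access; };

static bool in_group(const struct caller *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Assumption: classic owner/group/other write check, first match wins. */
static bool writable(const struct caller *c, const struct target *t)
{
    if (c->uid == t->uid)
        return (t->mode & S_IWUSR) != 0;
    if (in_group(c, t->gid))
        return (t->mode & S_IWGRP) != 0;
    return (t->mode & S_IWOTH) != 0;
}

/* Returns true if creating a hard link to the existing file is permitted. */
bool may_hardlink(const struct knobs *k, const struct caller *c,
                  const struct target *t)
{
    if (k->check_uid && c->uid != t->uid)
        return false;               /* only the owner may link */
    if (k->check_gid && !in_group(c, t->gid))
        return false;               /* only group members may link */
    if (k->require_access && !(c->uid == t->uid || writable(c, t)))
        return false;               /* proposed: owner or writer */
    return true;                    /* all knobs off: link is allowed */
}
```

With every knob off the model permits a link to a root-owned mode 0600 file, which is the default behaviour the thread is about; the proposed rule rejects that case while still allowing links to files the caller can write.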
