Call for review: restricted hardlinks.
Pawel Jakub Dawidek
pjd at FreeBSD.org
Mon Mar 8 02:43:10 PST 2004
On Mon, Mar 08, 2004 at 09:25:55PM +1100, Tim Robbins wrote:
+> > It adds two new sysctls:
+> >
+> > security.bsd.hardlink_check_uid
+> > security.bsd.hardlink_check_gid
+> >
+> > If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users
+> > are not permitted to create hard links to files not owned by them.
+> > If sysctl security.bsd.hardlink_check_gid is set to 1, unprivileged users
+> > are not permitted to create hard links to files if they are not a member
+> > of the file's group.
+> >
+> > For now, a user is able to create hard links to any file.
+>
+> It might be more consistent with other UNIX access checks (e.g. vaccess())
+> if having the same uid as the file was sufficient to link to it,
+> without having to be a group member. I can't convince myself either way
+> on this, but it's worth thinking about.
So you need to set security.bsd.hardlink_check_uid and don't touch
security.bsd.hardlink_check_gid.
+> Also be aware that as a side effect of this patch, old applications that use
+> the unlink()/link()/unlink() sequence instead of the rename() system call
+> may not be able to rename files they don't own.
The default value for those sysctls is 0, so system behaviour will change only
on administrator request.
--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd at FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
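
The compatibility concern quoted above (programs that rename with unlink()/link()/unlink()), as an added example that is not part of the original message or the patch. The names legacy_rename, compat_rename and demo are hypothetical, the demo path is constructed, and EPERM as the errno for a refused link() is an assumption, since the message does not name one.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pre-rename() idiom: clear dst, hard-link src to dst, remove src.
 * With hardlink_check_uid=1 the link() step is refused when the caller
 * does not own src (errno assumed to be EPERM; the post does not say). */
static int legacy_rename(const char *src, const char *dst)
{
    if (unlink(dst) == -1 && errno != ENOENT)
        return -1;
    if (link(src, dst) == -1)
        return -1;
    return unlink(src);
}

/* Hypothetical wrapper: rename() is not a link() call, so it is the
 * fallback when link() is refused. */
int compat_rename(const char *src, const char *dst)
{
    if (legacy_rename(src, dst) == 0)
        return 0;
    return errno == EPERM ? rename(src, dst) : -1;
}

/* Constructed demo on a file the caller owns; returns 0 on success. */
int demo(void)
{
    char dir[64], src[80], dst[80];
    struct stat st;
    snprintf(dir, sizeof dir, "/tmp/hlink-demo.%ld", (long)getpid());
    if (mkdir(dir, 0700) == -1)
        return -1;
    snprintf(src, sizeof src, "%s/old", dir);
    snprintf(dst, sizeof dst, "%s/new", dir);
    int fd = open(src, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd == -1)
        return -1;
    close(fd);
    int ok = compat_rename(src, dst) == 0 &&
             stat(dst, &st) == 0 && stat(src, &st) == -1;
    unlink(src);
    unlink(dst);
    rmdir(dir);
    return ok ? 0 : -1;
}
int main(void) { return demo() == 0 ? 0 : 1; }
```

Unlike rename(), the legacy sequence is not atomic: dst is absent between the first unlink() and the link().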
More information about the freebsd-security mailing list