default value of security.bsd.hardlink_check_[ug]id
Ceri Davies
ceri at submonkey.net
Sun Dec 31 07:56:40 PST 2006
On Sun, Dec 31, 2006 at 03:36:33PM +0000, Robert Watson wrote:
> On Sat, 30 Dec 2006, Colin Percival wrote:
>
> >I'd like to make security.bsd.hardlink_check_[ug]id default to 1, starting
> >with FreeBSD 7.x. This would make it impossible for a user to create a
> >hard link to a file which he does not own.
> >
> >Any objections?
>
> I'm not opposed to this in principle (in fact, I think it's a good idea in
> principle), but I think it would make sense to evaluate what other
> operating systems are doing on this front. For example, I think Pawel
> recently mentioned that Sun has already made this change (or the equivilent
> in Solaris), but we should confirm that, and google to see if there have
> been many problems for Solaris users.
Solaris 10 definitely hasn't done this. The ability to create hard
links to file that you do not own is controlled by the file_link_any
privilege which is in the basic set, the basic set being defined as
"what unprivileged processes could do before we introduced
privileges(5)". Of course, you can configure Solaris such that
unprivileged processes get a subset of the basic set by default (via
policy.conf), but that isn't how it comes out of the box.
The current OpenSolaris code base hasn't changed this either; see
src/uts/common/os/priv_defs.
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20061231/994f0f3f/attachment.pgp
More information about the freebsd-arch
mailing list