From owner-freebsd-hackers  Tue Apr  9  1:44:19 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from gidgate.gid.co.uk (gid.co.uk [194.32.164.225])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0247F37B404; Tue,  9 Apr 2002 01:44:14 -0700 (PDT)
Received: (from rb@localhost)
	by gidgate.gid.co.uk (8.11.6/8.11.6) id g398hum19680;
	Tue, 9 Apr 2002 08:43:56 GMT
	(envelope-from rb)
Message-Id: <4.3.2.7.2.20020409094051.00c475e0@gid.co.uk>
X-Sender: rbmail@gid.co.uk
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 09 Apr 2002 09:43:53 +0100
To: Michael Smith <msmith@FreeBSD.ORG>,
	Doug White <dwhite@resnet.uoregon.edu>
From: Bob Bishop <rb@gid.co.uk>
Subject: Re: Hardlinks... 
Cc: =?ISO-8859-2?Q?Pawe=B3_Jakub_Dawidek?= <nick@garage.freebsd.pl>,
	freebsd-hackers@FreeBSD.ORG
In-Reply-To: <200204081841.g38Ifi104580@mass.dis.org>
References: <Your message of "Mon, 08 Apr 2002 11:37:38 PDT." <20020408113423.Y81506-100000@resnet.uoregon.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Hi,

At 11:41 08/04/02 -0700, Michael Smith wrote:
> > On Mon, 8 Apr 2002, [ISO-8859-2] Pawe=B3 Jakub Dawidek wrote:
> >
> > > Simple example why I think that only owner should have permission to=
=20
> create
> > > hardlinks to his files.
>...
> > I see you forgot to 'ls -l' the resultant link ... you'll find that it=
 has
> > the same permissions and ownership as the original file. Oops.
>
>You misunderstand the original poster's complaint.
>
>The issue is that a non-owner can cause the owner's file to remain alive
>even after the owner has deleted it.  Hence the comment about "later
>breakin".
>
>You could also use this technique to maliciously exhaust a user's quota,
>by linking to their temporary files.  I'm not sure what the standards
>have to say about this, but I don't much like the current behaviour.

If you have any permissions on the file, you can prolong its life without a=
=20
link simply by having a process open it. This is 'better' as a DOS because=
=20
it's harder to spot.

--
Bob Bishop		    +44 (0)118 977 4017
rb@gid.co.uk		fax +44 (0)118 989 4254


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message