Date:      Sun, 31 Dec 2006 12:44:31 +0000
From:      Ceri Davies <ceri@submonkey.net>
To:        Colin Percival <cperciva@freebsd.org>
Cc:        "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject:   Re: default value of security.bsd.hardlink_check_[ug]id
Message-ID:  <20061231124431.GG97921@submonkey.net>
In-Reply-To: <459745DA.1010801@freebsd.org>
References:  <459745DA.1010801@freebsd.org>


On Sat, Dec 30, 2006 at 09:08:42PM -0800, Colin Percival wrote:
> FreeBSD Architects,
>
> I'd like to make security.bsd.hardlink_check_[ug]id default to 1, starting
> with FreeBSD 7.x.  This would make it impossible for a user to create a hard
> link to a file which he does not own.
>
> Any objections?

One here, on the grounds that:

 a) you have provided no rationale;
 b) that sysctl does not currently seem to be documented anywhere, so
     changing its default value would violate POLA.

There is a longer answer in which I pine after Solaris' privileges(5)
again, or wonder if this can be implemented for "system" processes only
using the new priv(9) API instead.

Ceri
-- 
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere



