From: Ceri Davies <ceri@submonkey.net>
To: Colin Percival
Cc: freebsd-arch@freebsd.org
Date: Sun, 31 Dec 2006 12:44:31 +0000
Subject: Re: default value of security.bsd.hardlink_check_[ug]id
Message-ID: <20061231124431.GG97921@submonkey.net>
In-Reply-To: <459745DA.1010801@freebsd.org>

On Sat, Dec 30, 2006 at 09:08:42PM -0800, Colin Percival wrote:
> FreeBSD Architects,
>
> I'd like to make security.bsd.hardlink_check_[ug]id default to 1, starting
> with FreeBSD 7.x.  This would make it impossible for a user to create a hard
> link to a file which he does not own.
>
> Any objections?

One here, on the grounds that:

a) you have provided no rationale;
b) that sysctl does not currently seem to be documented anywhere, so
   changing its default value would violate POLA.

There is a longer answer in which I pine after Solaris' privileges(5) again,
or wonder if this can be implemented for "system" processes only using the
new priv(9) API instead.

Ceri

-- 
That must be wonderful! I don't understand it at all.
                                           -- Moliere
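To make the effect of the two knobs concrete for readers of the thread, here is an added model of the hardlink_check_uid/gid policy as the mail describes it: a link to a file the caller does not own (or whose group the caller is not in) is refused with EPERM unless the caller holds an override privilege. This is illustration code written for this archive page, not FreeBSD's kernel source; the `struct cred`, `struct hardlink_policy` and the `has_link_priv` flag standing in for a priv(9) check are assumptions of the model.

```c
/* Model of the security.bsd.hardlink_check_{uid,gid} policy.
 * Added illustration, not FreeBSD kernel code: the real check sits in
 * the VFS link path and consults priv(9); the privilege is modelled
 * here by a boolean on the credential. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Minimal credential: effective uid, supplementary group list, and
 * whether the process holds a link-override privilege (assumed name). */
struct cred {
    unsigned uid;
    unsigned groups[16];
    size_t ngroups;
    bool has_link_priv;     /* stands in for priv_check_cred() succeeding */
};

/* The two sysctl values; 0/0 is the default the mail objects to changing. */
struct hardlink_policy {
    int check_uid;          /* security.bsd.hardlink_check_uid */
    int check_gid;          /* security.bsd.hardlink_check_gid */
};

/* True if gid appears anywhere in the credential's group list. */
static bool groupmember(unsigned gid, const struct cred *c)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Returns 0 if the caller may create a hard link to a file owned by
 * (file_uid, file_gid), otherwise EPERM.  With check_uid=1 a non-owner
 * needs the privilege; with check_gid=1 a non-group-member needs it. */
int can_hardlink(const struct hardlink_policy *p, const struct cred *c,
                 unsigned file_uid, unsigned file_gid)
{
    if (p->check_uid && c->uid != file_uid && !c->has_link_priv)
        return EPERM;
    if (p->check_gid && !groupmember(file_gid, c) && !c->has_link_priv)
        return EPERM;
    return 0;
}
```

Running the model with the defaults (0/0) against the proposed 1/1 shows exactly which callers change outcome: unprivileged users linking to files they neither own nor share a group with.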