Date: Tue, 09 Apr 2002 09:43:53 +0100 From: Bob Bishop <rb@gid.co.uk> To: Michael Smith <msmith@FreeBSD.ORG>, Doug White <dwhite@resnet.uoregon.edu> Cc: =?ISO-8859-2?Q?Pawe=B3_Jakub_Dawidek?= <nick@garage.freebsd.pl>, freebsd-hackers@FreeBSD.ORG Subject: Re: Hardlinks... Message-ID: <4.3.2.7.2.20020409094051.00c475e0@gid.co.uk> In-Reply-To: <200204081841.g38Ifi104580@mass.dis.org> References: <Your message of "Mon, 08 Apr 2002 11:37:38 PDT." <20020408113423.Y81506-100000@resnet.uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, At 11:41 08/04/02 -0700, Michael Smith wrote: > > On Mon, 8 Apr 2002, [ISO-8859-2] Pawe=B3 Jakub Dawidek wrote: > > > > > Simple example why I think that only owner should have permission to= =20 > create > > > hardlinks to his files. >... > > I see you forgot to 'ls -l' the resultant link ... you'll find that it= has > > the same permissions and ownership as the original file. Oops. > >You misunderstand the original poster's complaint. > >The issue is that a non-owner can cause the owner's file to remain alive >even after the owner has deleted it. Hence the comment about "later >breakin". > >You could also use this technique to maliciously exhaust a user's quota, >by linking to their temporary files. I'm not sure what the standards >have to say about this, but I don't much like the current behaviour. If you have any permissions on the file, you can prolong its life without a= =20 link simply by having a process open it. This is 'better' as a DOS because= =20 it's harder to spot. -- Bob Bishop +44 (0)118 977 4017 rb@gid.co.uk fax +44 (0)118 989 4254 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020409094051.00c475e0>