Date: Mon, 27 Oct 1997 18:56:01 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: guido@gvr.org (Guido van Rooij) Cc: tlambert@primenet.com, roberto@keltia.freenix.fr, freebsd-fs@FreeBSD.ORG Subject: Re: disabled symlinks Message-ID: <199710271856.LAA25520@usr04.primenet.com> In-Reply-To: <199710271828.TAA01989@gvr.gvr.org> from "Guido van Rooij" at Oct 27, 97 07:28:51 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > As far as "nosuid" goes, I will note that if root runs a program on > > a nosuid mounted volume, the program runs as root. And root can also > > "suid" to any user id, and run the program, simulating an "suid" event. > > ?? So what. That isn;t the issue here. If root runs rm -rf / things > will also break. That has nothing to do with suid. The "nosuid" was someone else's analogy. If you want nosymlink to be analogous, then excepting root from enforcement is the correct way to do it. > I still think otherwise. Now that symlinks do have owners, teh > same can be achieved by only following symlinks if they are > owned by root. This is much less objectionable to me than not following symlinks; on the other hand, you only need to *either* not allow them *OR* not follow them. The protection doesn't get better if you do both. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710271856.LAA25520>