Date: Tue, 9 Mar 2004 10:23:09 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: =?iso-8859-2?Q?C=E9dric?= Devillers <cedric.devillers@script.jussieu.fr> Cc: freebsd-security@freebsd.org Subject: Re: Call for review: restricted hardlinks. Message-ID: <20040309092309.GS10864@darkness.comp.waw.pl> In-Reply-To: <20040309091639.0a3a362a.cedric.devillers@script.jussieu.fr> References: <20040308093642.GI10864@darkness.comp.waw.pl> <1078780238.1937.11.camel@localhost.muc.eu.mscsoftware.com> <20040308220828.GP10864@darkness.comp.waw.pl> <20040309091639.0a3a362a.cedric.devillers@script.jussieu.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
--XZq0mbLCR4KNTYFe Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 09, 2004 at 09:16:39AM +0100, C=E9dric Devillers wrote: +> If you create several partition ( /var /usr /home ), this problem is +> resolved. Generally, in /usr, there are no directory write-able for all. +> If you have a partition for /usr, no hard link to a set-uid binary ( in +> the /usr tree ) is possible. Believe me, I'm aware of this. This "issue" can be used to other purposes as well. % ln /home/<user>/important_file ~/i_cannot_read_it_now_but_maybe_some_day= _i_will_compromise_this_machine Anyway, it is turned off by default and there is no need to use it at all. --=20 Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! --XZq0mbLCR4KNTYFe Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFATYz9ForvXbEpPzQRAmWhAJ0UHofH3RoHMhXxVvoHLplnlItl3QCgyBa9 jBzsxmWkpUEi4biC3Lipp1Q= =2CeU -----END PGP SIGNATURE----- --XZq0mbLCR4KNTYFe--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040309092309.GS10864>