Date: Sun, 5 Nov 2006 11:30:29 -0800 (PST)
From: Daniel Valencia <fetrovsky@yahoo.com>
To: freebsd-hackers@freebsd.org
Subject: Re: [patch] rm can have undesired side-effects
Message-ID: <20061105193029.11274.qmail@web53902.mail.yahoo.com>

Shouldn't it be actually enabled by default?... I think a user should be able to get the insecure behaviour _only_ if he wants to...

- Daniel

----- Original Message ----
From: Joerg Pernfuss <elessar@bsdforen.de>
To: Kostik Belousov <kostikbel@gmail.com>
Cc: freebsd-hackers@freebsd.org
Sent: Saturday, November 4, 2006 10:22:36 PM
Subject: Re: [patch] rm can have undesired side-effects

On Sun, 5 Nov 2006 08:09:23 +0200
Kostik Belousov <kostikbel@gmail.com> wrote:

> On Sun, Nov 05, 2006 at 05:28:32AM +0100, Joerg Pernfuss wrote:
> > And I still have no idea why ln(1) allows links to files the user
> > has no access rights whatsoever, in a directory the owner of the
> > file has no access to in the first place. And what happens when I
> > link the 0600 file state_secret.doc that is owned by someone else,
> > into a directory I own and set SUIDDIR? Will that then be my file
> > and the original owner will be denied access on his link to the
> > file? (yes, kernel support required, i know. but it would be fun.)
> >
> You could use security.bsd.hardlink_check_uid and
> security.bsd.hardlink_check_gid sysctls to control this. By default,
> they are disabled.

Ah, thank you.

    Joerg

--
| /"\   ASCII ribbon   |  GnuPG Key ID | e86d b753 3deb e749 6c3a |
| \ / campaign against |    0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 |
|  X    HTML in email  |        .the next sentence is true.       |
| / \     and news     |     .the previous sentence was a lie.    |