Date: Mon, 30 Aug 1999 11:12:05 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> Cc: imp@village.org (Warner Losh), bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG Subject: Re: Not sure if you got it... Message-ID: <199908301812.LAA16174@apollo.backplane.com> References: <199908301801.LAA66101@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
:>
:> Any objections to chflags nouflags going into the tree, modulo
:> problems with the actual code that does it?
:
:I don't have a problem with that.
:
:>
:> I'd also like to have a new flag to rm. -F. One -F will be
:> chflags nouflags foo ; rm -f foo
:> while two -F will be
:> chflags 0 foo ; rm -f foo
:
:I have a problem with this, it means updating 1 more chunk of code
:should the set of items in uflags change.
:
:--
:Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net
Maybe what we need to do is allow a umask to be set for the flag bits
in the mount. So, for example, you would be able to specify which flag
bits are allowed to be set on a mount-by-mount basis (both user and
system). Otherwise we may wind up spending the next year trying to
'fix' security holes in scripts related to the flag bits.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908301812.LAA16174>