From: Jon Passki <cykyc@yahoo.com>
To: Robert Watson, Colin Percival
Cc: Ceri Davies, freebsd-arch@freebsd.org
Date: Sat, 6 Jan 2007 08:18:26 -0800 (PST)
Subject: Re: default value of security.bsd.hardlink_check_[ug]id
In-Reply-To: <20070102230111.M7974@fledge.watson.org>
Message-ID: <77286.26791.qm@web56107.mail.re3.yahoo.com>

--- Robert Watson wrote:

> On Mon, 1 Jan 2007, Colin Percival wrote:
>
> > Ceri Davies wrote:
> >> On Sat, Dec 30, 2006 at 09:08:42PM -0800, Colin Percival wrote:
> >>> I'd like to make security.bsd.hardlink_check_[ug]id default to 1, starting
> >>> with FreeBSD 7.x. This would make it impossible for a user to create a hard
> >>> link to a file which he does not own.
> >>
> >> a) you have provided no rationale;
> >
> > Allowing users to create hard links to files which they do not own creates
> > problems:
> > 1. If disk quotas are enabled, a user can waste another user's disk quota by
> >    making it impossible for said other user to delete files.
> > 2. It becomes difficult to apply security fixes for issues involving setuid
> >    binaries, since a local attacker could create hard links to all the setuid
> >    binaries (or at least those on filesystems where he can write somewhere) and
> >    wait for a security issue to be found.
>
> I find the second argument here most compelling, and use it as an example
> frequently when complaining about hard links. Hard links are also one of the
> elements that makes it difficult to usefully generate names for file system
> objects, due to their introducing ambiguity.

Or this goofy one: http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/89589

Btw, OpenBSD does not allow this behavior but NetBSD does. At a minimum, if the
user cannot even copy a file, he or she ought not to hard link the file. This
behaviour, though, was permitted the last time I checked.

Cheers,
Jon