From owner-freebsd-security  Sun Mar 14 14:42:55 1999
Delivered-To: freebsd-security@freebsd.org
Received: from trooper.velocet.ca (host-034.canadiantire.ca [209.146.201.34])
	by hub.freebsd.org (Postfix) with ESMTP id BF0BD14C82
	for <security@FreeBSD.ORG>; Sun, 14 Mar 1999 14:42:52 -0800 (PST)
	(envelope-from dgilbert@trooper.velocet.ca)
Received: (from dgilbert@localhost)
	by trooper.velocet.ca (8.8.7/8.8.7) id RAA00297;
	Sun, 14 Mar 1999 17:40:00 -0500 (EST)
From: David Gilbert <dgilbert@velocet.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14060.15038.71703.849469@trooper.velocet.ca>
Date: Sun, 14 Mar 1999 17:39:58 -0500 (EST)
To: Michael Richards <026809r@dragon.acadiau.ca>
Cc: security@FreeBSD.ORG
Subject: Getting rid of hard links?
In-Reply-To: <Pine.GSO.4.05.9903141735000.1568-100000@dragon>
References: <Pine.GSO.4.05.9903141735000.1568-100000@dragon>
X-Mailer: VM 6.62 under Emacs 19.34.2
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Michael" == Michael Richards <026809r@dragon.acadiau.ca> writes:

Michael> the internals as I did not write it, however I am told our
Michael> system can be ported over to OpenBSD with less trouble than
Michael> fixing whatever requires the hard links. FreeBSD has served
Michael> us well and I hope we don't have to abandon it :(

Similarly, I have made a lot of diskless servers (100Mb networking is
faster than cheep local disk for swap) and use hard links for each
root extensively.

Michael> It seems to me that the changes to rm/cp would be the
Michael> smartest route because it wouldn't break anything and would
Michael> seemingly address most of the issues brought up.

Fixing the problem instead of the symptom?  Maybe links (hard and
soft) should only have the permissions that the user can create
subject to a mask of permissions on the origional file?  Ie: I can't
create a link to a suid file that is suid unless I could create the
suid file.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message