Date:      Mon, 8 Mar 2004 10:36:42 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        freebsd-security@freebsd.org
Subject:   Call for review: restricted hardlinks.
Message-ID:  <20040308093642.GI10864@darkness.comp.waw.pl>



Hi.

I've had no response from so@ on this topic, probably because of lack of time,
so I'll try here.

Here is a patch that I'm planning to commit:

	http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch

It adds two new sysctls:

	security.bsd.hardlink_check_uid
	security.bsd.hardlink_check_gid

If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users
are not permitted to create hard links to files not owned by them.
If sysctl security.bsd.hardlink_check_gid is set to 1, unprivileged users
are not permitted to create hard links to files if they are not members
of the file's group.

For now, a user is able to create hardlinks to any files.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
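
An audit one might run before enabling the two sysctls described in this message, added here as an example and not taken from the patch or from FreeBSD: it lists multiply-linked regular files under a directory that a given unprivileged user could not have linked with the checks switched on. The function name `denied_links` and its parameters are hypothetical, and the demo directory is constructed.

```python
import os
import stat
import tempfile


def denied_links(root, uid, gids, check_uid=True, check_gid=True):
    """Return sorted [(path, reason)] for regular files under root with more
    than one link that the unprivileged user (uid, gids) could not have
    hard-linked under the described policy. check_uid / check_gid stand in
    for security.bsd.hardlink_check_uid / hardlink_check_gid set to 1."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            # Only regular files that have at least one other name.
            if not stat.S_ISREG(st.st_mode) or st.st_nlink < 2:
                continue
            reasons = []
            if check_uid and st.st_uid != uid:
                reasons.append("uid")  # user does not own the file
            if check_gid and st.st_gid not in gids:
                reasons.append("gid")  # user is not in the file's group
            if reasons:
                findings.append((path, "+".join(reasons)))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: one file with two names in a scratch directory.
    scratch = tempfile.mkdtemp()
    target = os.path.join(scratch, "target")
    open(target, "w").close()
    os.link(target, os.path.join(scratch, "alias"))
    owner = os.lstat(target).st_uid
    # Evaluate the policy for a different, group-less user (assumed uid).
    for path, reason in denied_links(scratch, owner + 1, set()):
        print(reason, path)
```

A file reported here keeps all of its existing names after the sysctls are set; the output only shows which links the named user could not create again.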
