On Thu, Oct 24, 2024 at 11:36:17AM +0200, Janne Johansson wrote:
> > > Description:
> > >         On a same filesystem, /tmp or /var in www pages perhaps or perhaps
> > >         even / if they get that deep, the risk exists that a user can
> > >         archive a file away even though they don't have permissions to
> > >         that file.  It allows at least a "backup" of non-user owned files,
> > >         to be put away for later examination.  Whether this is intended or
> > >         not to be this way I don't know.  It's all ghoti to me.
> 
> Yes, this is intended. A directory entry points to an inode, and the
> inode points to the file contents, which will only be shown to you if
> you pass the validation (ie, ownership checks) of the inode. The fact
> that you can write an extra dir-entry in a writable directory is not a
> huge security risk, since you are not able to change ownership of
> "your" hard link, so if you could not read it before, then you can't
> read it after the "original" is removed either, or just "later".

Thanks for the lengthy explanation.  My query then is, why can someone
archive away files anyhow.  The original user may not even know that
his/her files are saved by someone else.

Just because they aren't able to be read by the *linker* doesn't mean
he/she will never have permissions to read them.  Right?

> There are several things you can do to "protect" yourself or your
> system. One is to keep secret files in dirs where others do not have
> permission to read, the second is to just go with the defaults on
> OpenBSD installs and let the installer make a lot of different file
> systems so that the system files are not colocated with user writable
> dirs, as opposed to say, making only a single large / filesystem.

To be honest, I'm starting to feel a bit clouded over by this.  Any other
day I'd be saying "Huh ok, whateva"...

> That said, some other unices set this as an optional with sysctls to
> prevent anyone from hardlinking to a file which you lack permissions
> to read/write anyhow. OpenBSD does not have this as of now. I think it
> defaults to off on Linux since it broke stuff, so it's not generally
> considered "unintended" there either.

Is Linux still open source?  Not a good comparison.

-pjp

> --
> May the most significant bit of your life be positive.

Same to yours.

-- 
{behind the name in base64}
H4sICJXqtWYAA25hbWUybnVtLmMAbU/RboJAEHy/r5hijIfQRnwU6Y8oDyccsgkc
l+OobYz/3gOq0Og+bGZnZzczC1JZ1eUS+9bm1HyUn2wxpyo6/ecy+6NlTzFSltWC
FHcAwpyzEFkpDNYOfx1Sn10Z/qpXUPwYR5mO2SQowPsXeEuw9TFd3qvQxj0puLMk
jQnhda04yx2UqCUOfU+PyvPjp0P5TZZHs8XtgTQSDF6jdFqTIzfTeCmpkuBr/coU
IUjAbVM1F2kGzTtWYuUjQPTsRAfBSxdjMM+WEqqrT9KgKcZcyxbUYpm7ZOHdaQia
hRnSbRxxY78JVrA8ygEAAA==
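The inode behaviour Janne describes above (a hard link is just another directory entry for the same inode, so it carries the inode's owner and mode and lends the linker no new access), shown as an added example that is not part of the thread. It is a portable POSIX sh script; the file names and the sample content are constructed for the demo, and the check of the Linux `fs.protected_hardlinks` knob simply reports "n/a" where that sysctl does not exist, as on OpenBSD.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): a hard link shares the
# inode of its target, so owner, mode and link count are properties of the
# inode, not of either name.  File names and contents below are constructed.
set -eu

# Inode number of a path: first field of `ls -i` (works with GNU and BSD ls).
inode_of() { ls -i "$1" | awk '{ print $1 }'; }

# Numeric owner uid and mode string, from `ls -ln`; both come from the inode.
owner_mode_of() { ls -ln "$1" | awk '{ print $3, $1 }'; }

# Link count of the inode behind a path.
link_count_of() { ls -ln "$1" | awk '{ print $2 }'; }

# "yes" if both paths name the same inode, "no" otherwise.
same_inode() {
    [ "$(inode_of "$1")" = "$(inode_of "$2")" ] && echo yes || echo no
}

# Linux exposes fs.protected_hardlinks (0 or 1); other systems report "n/a".
protected_hardlinks() {
    if [ -r /proc/sys/fs/protected_hardlinks ]; then
        cat /proc/sys/fs/protected_hardlinks
    else
        echo "n/a"
    fi
}

demo() {
    demo_dir=$(mktemp -d)
    orig="$demo_dir/secret"      # constructed: the "original" private file
    link="$demo_dir/backup"      # constructed: the extra directory entry
    printf 'constructed sample content\n' > "$orig"
    chmod 600 "$orig"            # owner-only, like a private file in /tmp

    # ln needs write permission on the directory, not read access to the
    # file (Linux with protected_hardlinks=1 additionally requires owning
    # the file or having read/write access to it; we own it here).
    ln "$orig" "$link"

    echo "same inode:           $(same_inode "$orig" "$link")"
    echo "owner/mode original:  $(owner_mode_of "$orig")"
    echo "owner/mode link:      $(owner_mode_of "$link")   (identical: same inode)"
    echo "link count:           $(link_count_of "$orig")"
    echo "fs.protected_hardlinks: $(protected_hardlinks)"

    # Removing the "original" only drops one name; the inode survives with
    # its owner and mode intact, so a user who could not read it before
    # still cannot read it through the surviving name.
    rm -f "$orig"
    echo "after rm, link count: $(link_count_of "$link")"
    echo "after rm, owner/mode: $(owner_mode_of "$link")"

    rm -rf "$demo_dir"
}

demo
```

Run it as an unprivileged user: the two `owner/mode` lines are identical before and after the original name is removed, which is the whole of Janne's point. The `ls -ln` fields are used instead of `stat` because `stat`'s option syntax differs between GNU and BSD userlands.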