Makes sense to me. Thanks for catching this, Pawel. --matt
On Sun, Oct 6, 2013 at 1:24 AM, Pawel Jakub Dawidek <[email protected]> wrote: > Hi. > > I'm forwarding my reply to an e-mail to freebsd-fs@. > > I believe that when we have immutable flag set on an inode/znode it > shouldn't be possible to change its link count. We don't allow it for > unlink(2) (going from N to N-1), so we shouldn't allow to increase it > either. > > This also have some security implications. In FreeBSD every base set-uid > binary has this immutable flag set. This prevents non-root users from > creating hardlinks to those binaries (even if they have write access to > Received: from [91.121.88.72] (helomail.dawidek.net) > by node002.open-zfs.net > with esmtp (HybridCluster distributed mail proxy) > (envelope-from <[email protected]>); Sun, 06 Oct 2013 08:23:40 > -0000 > a directory on the same file system, which without immutable flag is > possible). Creating those hardlinks may be profitable in case a new > security bug is found in such a binary. Even if administrator updates > the system, the user will still have access to the old, vulnerable > version. > > The patch is here: > > http://people.freebsd.org/~pjd/patches/zfs_vnops.c.8.patch > > -- > Pawel Jakub Dawidek http://www.wheelsystems.com > FreeBSD committer http://www.FreeBSD.org > Am I Evil? Yes, I Am! http://mobter.com > > > ---------- Forwarded message ---------- > From: Pawel Jakub Dawidek <[email protected]> > To: Oleg Ginzburg <[email protected]> > Cc: [email protected] > Date: Tue, 17 Sep 2013 20:09:04 +0200 > Subject: Re: linkat(2) Operation not permitted > > _______________________________________________ > developer mailing list > [email protected] > http://lists.open-zfs.org/mailman/listinfo/developer > >
_______________________________________________ developer mailing list [email protected] http://lists.open-zfs.org/mailman/listinfo/developer
