Shouldn't it be actually enabled by default?... I think a user should be able to get the insecure behaviour _only_ if he wants to...
- Daniel

----- Original Message ----
From: Joerg Pernfuss <[EMAIL PROTECTED]>
To: Kostik Belousov <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Saturday, November 4, 2006 10:22:36 PM
Subject: Re: [patch] rm can have undesired side-effects

On Sun, 5 Nov 2006 08:09:23 +0200
Kostik Belousov <[EMAIL PROTECTED]> wrote:

> On Sun, Nov 05, 2006 at 05:28:32AM +0100, Joerg Pernfuss wrote:
> > And I still have no idea why ln(1) allows links to files the user
> > has no access rights whatsoever, in a directory the owner of the
> > file has no access to in the first place. And what happens when I
> > link the 0600 file state_secret.doc that is owned by someone else,
> > into a directory I own and set SUIDDIR? Will that then be my file
> > and the original owner will be denied access on his link to the
> > file? (yes, kernel support required, i know. but it would be fun.)
> >
> You could use security.bsd.hardlink_check_uid and
> security.bsd.hardlink_check_gid sysctls to control this. By default,
> they are disabled.

Ah, thank you.

Joerg
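An audit for the situation discussed in this thread, added here as an example and not part of the original messages: it walks a directory tree and reports regular files that have more than one hard link and are owned by someone other than the tree's owner, which is what remains on disk when links to other users' files were created while the hardlink_check sysctls were off. The function name `find_foreign_hardlinks` and the link-count-plus-owner heuristic are assumptions of this example.

```python
import os
import stat
import sys


def find_foreign_hardlinks(root, owner_uid=None):
    """Return sorted paths of regular files under root that have more than
    one hard link and are not owned by owner_uid.

    owner_uid defaults to the owner of root itself (assumption: the tree is
    a single user's directory, e.g. a home directory).
    """
    if owner_uid is None:
        owner_uid = os.lstat(root).st_uid
    hits = []
    # followlinks=False: never descend through symlinks into other trees.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry, not a symlink target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue  # only regular files can be hard-linked across owners here
            # st_nlink > 1 means another name for this inode exists somewhere
            # on the same file system; a differing owner means this name points
            # at someone else's file.
            if st.st_nlink > 1 and st.st_uid != owner_uid:
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for found in find_foreign_hardlinks(target):
        print(found)
```

A hit is a lead to review, not proof of abuse: the file's owner may have created the extra link themselves.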

