On Fri, 3 Dec 1999, Alexander Viro wrote:
>Oh, great. So your reasons should pass for arbitrary filesystem, right?
It's always been so. Sorry if I am been not clear. I was talking about the
VFS not about lowlevel fs. I don't either know why coda especially
dislikes hardlinks.
>Let's see: you are not closing any security hole. You are creating
>gratitious incompatibility with everything and sundry, just because you
>can't be bothered to learn standard mechanisms (make a directory
>unavaliable and none of the links there will be cloned). You propose
This works fine for a .gnupg directory but I just don't like to close the
door completly to be sure that an rm will delete my files. I can take in
my home directory useful stuff. I just don't like the idea that when I
delete a file, the same inode could stay allocated somewhere with my
ownership and the admin may think I moved my file there.
>schemes that require root being involved (group creation, for one).
Yes. I think it's a minor issue as you just need root involved also for
sharing rw some file in a limited workgroup.
>Great. Sorry, but count me against that. Submit such patches to Linus, if
Really it seems nobody cares about the implications of the problem and if
nobody needs the change I don't need it either for myself. So probably
it's better to put the change in an unofficial patch (for example in the
Solar's secure-linux patch with the stack not executable stuff?) so very
special cases will have a way to go with linux.
Actually AFIK there's no such a patch floating around but it's very
trivial to implement. Something like that should do the trick. It's not
checking the gid field yet as I am been too lazy (if somebody needs
I can produce a fully featured one).
--- 2.3.30pre3/fs/namei.c.~1~ Sat Oct 16 03:34:52 1999
+++ 2.3.30pre3/fs/namei.c Fri Dec 3 02:14:05 1999
@@ -1204,14 +1204,18 @@
if (dir->d_inode->i_dev != inode->i_dev)
goto exit_lock;
+
+ /* Forbid to hardlink a file not owned by us */
+ error = -EPERM;
+ if (inode->i_uid != current->fsuid)
+ goto exit_lock;
+
/*
* A link to an append-only or immutable file cannot be created.
*/
- error = -EPERM;
if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
goto exit_lock;
- error = -EPERM;
if (!dir->d_inode->i_op || !dir->d_inode->i_op->link)
goto exit_lock;
Andrea
