Re: default value of security.bsd.hardlink_check_[ug]id
- From: Ceri Davies <ceri@xxxxxxxxxxxxx>
- Date: Sun, 31 Dec 2006 12:44:31 +0000
On Sat, Dec 30, 2006 at 09:08:42PM -0800, Colin Percival wrote:
> FreeBSD Architects,
> I'd like to make security.bsd.hardlink_check_[ug]id default to 1, starting
> with FreeBSD 7.x. This would make it impossible for a user to create a hard
> link to a file which he does not own.
> Any objections?
One here, on the grounds that:
a) you have provided no rationale;
b) that sysctl does not currently seem to be documented anywhere, so
changing its default value would violate POLA.
There is a longer answer in which I pine after Solaris' privileges(5)
again, or wonder if this can be implemented for "system" processes only
using the new priv(9) API instead.
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere