Archives
Archives
| From: | Michael Orlitzky <mjo@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] Requirements for UID/GID management | ||
| Date: | Mon, 30 Jan 2017 18:23:10 | ||
| Message-Id: | 671d81bc-8432-a903-024f-40e3c19a4f96@gentoo.org | ||
| In Reply to: | Re: [gentoo-dev] Requirements for UID/GID management by Patrick McLean |
||
| 1 | On 01/30/2017 01:05 PM, Patrick McLean wrote: |
| 2 | > |
| 3 | > No, that is also enabled by default on vanilla kernels, I just verified |
| 4 | > on my machine running a vanilla kernel. It doesn't matter anyway, since |
| 5 | > the permissions and ownership information is stored in the inode, not |
| 6 | > the dentry so all hardlinks have exactly the same permissions. |
| 7 | > |
| 8 | |
| 9 | I don't believe you =P |
| 10 | |
| 11 | Check https://github.com/torvalds/linux/blob/master/fs/namei.c: |
| 12 | |
| 13 | int sysctl_protected_symlinks __read_mostly = 0; |
| 14 | int sysctl_protected_hardlinks __read_mostly = 0; |
| 15 | |
| 16 | And compare with: |
| 17 | |
| 18 | https://gitweb.gentoo.org/proj/linux-patches.git/tree/1510_fs-enable-link-security-restrictions-by-default.patch?h=4.9 |
| 19 | |
| 20 | The fact that all permission and ownership information is shared is |
| 21 | precisely the problem. When you change ownership of the hardlink (which |
| 22 | you'll never know is a hardlink), you change ownership of /etc/shadow. |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] Requirements for UID/GID management | Kristian Fiskerstrand <k_f@g.o> |
| [gentoo-dev] Re: Requirements for UID/GID management | Martin Vaeth <martin@×××××.de> |