From: Michael Orlitzky <mjo@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Requirements for UID/GID management
Date: Mon, 30 Jan 2017 18:23:10
Message-Id: 671d81bc-8432-a903-024f-40e3c19a4f96@gentoo.org
In Reply to: Re: [gentoo-dev] Requirements for UID/GID management by Patrick McLean

On 01/30/2017 01:05 PM, Patrick McLean wrote:
>
> No, that is also enabled by default on vanilla kernels, I just verified
> on my machine running a vanilla kernel. It doesn't matter anyway, since
> the permissions and ownership information is stored in the inode, not
> the dentry so all hardlinks have exactly the same permissions.
>

I don't believe you =P

Check https://github.com/torvalds/linux/blob/master/fs/namei.c:

    int sysctl_protected_symlinks __read_mostly = 0;
    int sysctl_protected_hardlinks __read_mostly = 0;

And compare with:

https://gitweb.gentoo.org/proj/linux-patches.git/tree/1510_fs-enable-link-security-restrictions-by-default.patch?h=4.9

The fact that all permission and ownership information is shared is
precisely the problem. When you change ownership of the hardlink (which
you'll never know is a hardlink), you change ownership of /etc/shadow.
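
Added example, not part of the original message: a Python sketch of the point argued above, showing that two hard-linked names share one inode (and so one owner and mode), how to read the `fs.protected_hardlinks` sysctl, and a conservative ownership change that refuses regular files with more than one link. The names `guarded_chown`, `protected_hardlinks` and `demo`, and the temporary files standing in for a sensitive file, are constructed for illustration.

```python
import os
import stat
import tempfile

SYSCTL = "/proc/sys/fs/protected_hardlinks"

def protected_hardlinks():
    """Return the fs.protected_hardlinks value, or None if it cannot be read."""
    try:
        with open(SYSCTL) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def guarded_chown(path, uid, gid):
    """chown a regular file only if no other name refers to its inode."""
    # O_NOFOLLOW: do not follow a symlink in the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # inspect the inode that was actually opened
        if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
            raise PermissionError(
                f"{path}: inode {st.st_ino} has {st.st_nlink} links")
        os.fchown(fd, uid, gid)  # acts on the checked inode, not on the path
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: 'secret' stands in for a sensitive file."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        alias = os.path.join(d, "alias")
        plain = os.path.join(d, "plain")
        for p in (secret, plain):
            with open(p, "w") as f:
                f.write("x")
        os.link(secret, alias)  # second name for the same inode
        a, b = os.stat(secret), os.stat(alias)
        shared = (a.st_ino, a.st_uid, a.st_mode) == (b.st_ino, b.st_uid, b.st_mode)
        try:
            guarded_chown(alias, os.getuid(), os.getgid())
            refused = False
        except PermissionError:
            refused = True
        guarded_chown(plain, os.getuid(), os.getgid())  # single link: allowed
        return shared, b.st_nlink, refused

if __name__ == "__main__":
    print("fs.protected_hardlinks =", protected_hardlinks())
    print(demo())
```

The link-count check is deliberately strict: it also refuses files that are legitimately hard-linked, which then need a manual decision.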