tech-security archive
Re: Hard link creation without write access
Taylor R Campbell <riastradh%NetBSD.org@localhost> wrote:
> Today I learned that you can create hard links to a file you don't own
> and can't write to or even read from:
>
> $ su -l root -c 'touch /tmp/foo && chmod 600 /tmp/foo'
> $ ln /tmp/foo /tmp/bar
>
> This strikes me as bonkers and a likely source of security issues.
[...]
> Apparently we have sysctl knobs
>
> security.models.extensions.hardlink_check_uid
> security.models.extensions.hardlink_check_gid
>
Just cross-referencing the earlier discussion from
last year that led to the addition of the sysctls:
https://mail-index.netbsd.org/tech-security/2022/03/25/msg001108.html
(This was referenced in the tech-kern@ version of this
thread
https://mail-index.netbsd.org/tech-kern/2023/09/07/msg029117.html;
linking that here explicitly as well to make it easier
for people going through the archives.)
-Jan