Subject: Links and Security
To: None <current-users@NetBSD.ORG>
From: Rick Byers <>
List: current-users
Date: 06/06/1997 09:53:18
Hi All,

I've noticed there are a lot of security issues concerning linked (smy or
orhterwise) files (tricking a program to write over the wrong file by
linking it), etc...  I have been unable to think of any situation in which
you would legitimatly _need_ to link to a file you don't own.  I
personnaly don't like the idea at all.  It seems like an oversight to
allow any user to link to any file they can read from.  For example, one
user could make a directory 700, then link another users files into there.
When the other user deletes his files, it's still taking up his quota,
and he can't delete them because he can't get into the directory where
they are.  Is there something I'm missing that makes this behaviour a
necesity (besides standards)?.

Is there any great argument against having a kernel option that disables
linking to files you don't own?  This would stop all the possible security
problems associated with linking /etc/passwd to <you're favourite temp
file here>, and seems like generally just a good idea to me.  I don't
think we should change the default behaviour, but just allow someone that
knows what they are doing to disable links to files not owned by the
linker. Should this be implemented with a kernel compile-time option, or
in sysctl?


Rick Byers                                      Internet Access Worldwide                                System Admin, Tech Support
Welland, Ontario, Canada                                    (905)714-1400