Subject: Re: lchflags(2)?
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 04/20/2000 13:51:34
> I think the idea here is now you can make it so even root can't
> change where a symbolic link points to if the link itself is
> immutable, i.e. a security feature.
Are immutable files non-removable, then? Because as it stands,
*nobody* can *ever* change where a symlink points - all you can do is
remove it and create a new one. (I've thought that the write bit on a
symlink should allow atomically replacing it with symlink(2), but as
the vnode interface stands that would have to be done in the individual
filesystems rather than in sys_symlink()....)
If immutable stuff is non-removable and non-renamable, that opens up
whole piles of DoS possibilities. But if they *are* removable and/or
renamable, then there's a fairly real sense in which they're not
immutable.
Thoughts?
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B