tech-security archive


Re: Hard link creation without write access



[trimming tech-userlevel and tech-kern from cc list to avoid
cross-posting the entire thread]

> Date: Thu, 7 Sep 2023 11:53:56 +0000 (UTC)
> From: RVP <rvp%SDF.ORG@localhost>
> 
> On Thu, 7 Sep 2023, Taylor R Campbell wrote:
> 
> > I think we should have these knobs on by default, but of course in
> > principle that might break existing configurations.  So maybe we could
> > put it in the default /etc/sysctl.conf -- that way you only get it on
> > upgrade if you merge updates to /etc.
> 
> I played with this after christos@ added the knobs last year[1], and then
> sort(1) broke badly. See PR 56775. Expect further squalls if this is turned
> on by default.

That suggests the semantics we've implemented for the sysctl knobs is
not quite right:

	if (hardlink_check_uid && kauth_cred_geteuid(cred) != va.va_uid)
		goto checkroot;

	if (hardlink_check_gid && kauth_cred_groupmember(cred, va.va_gid) != 0)
		goto checkroot;

It seems to me the rule should be:

1. If you own the file you can make hard links.
2. If you are in the file's group and the file is group-writable you
   can make hard links.
3. Maybe if the file is other-writable you can make hard links.

The problem with sort in /tmp is that hardlink_check_gid requires you
to be in the file's group _even if you own the file_, which is also a
bonkers restriction.
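
Added example, not part of the message above and not NetBSD kernel code: a userland C model that puts the two quoted checks beside rules 1-3 and runs both on the owner-not-in-group case. The struct and function names and the sample uid/gid values are hypothetical, and the quoted `kauth_cred_groupmember(...) != 0` test is modeled as "not a member", as the message's prose describes it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Userland model, not kernel code: every name below is hypothetical. */
struct model_cred { uid_t euid; const gid_t *groups; size_t ngroups; };
struct model_attr { uid_t uid; gid_t gid; mode_t mode; };

static bool in_group(const struct model_cred *c, gid_t gid)
{
	for (size_t i = 0; i < c->ngroups; i++)
		if (c->groups[i] == gid)
			return true;
	return false;
}

/* The quoted checks: true means "allowed without the root check". */
bool link_ok_current(const struct model_cred *c, const struct model_attr *a, bool check_uid, bool check_gid)
{
	if (check_uid && c->euid != a->uid)
		return false;		/* goto checkroot */
	if (check_gid && !in_group(c, a->gid))
		return false;		/* goto checkroot, even for the owner */
	return true;
}

/* Rules 1-3 from the message; rule 3 is optional because it is a "maybe". */
bool link_ok_proposed(const struct model_cred *c, const struct model_attr *a, bool allow_other_writable)
{
	if (c->euid == a->uid)
		return true;		/* rule 1: owner */
	if (in_group(c, a->gid) && (a->mode & S_IWGRP))
		return true;		/* rule 2: group member, group-writable */
	if (allow_other_writable && (a->mode & S_IWOTH))
		return true;		/* rule 3: other-writable */
	return false;			/* otherwise fall back to the root check */
}

/* Constructed sample: a user who owns a temp file but is not in its group. */
static const gid_t user_groups[] = { 100 };
const struct model_cred sample_user = { 1000, user_groups, 1 };
const struct model_attr sample_tmpfile = { 1000, 0, S_IRUSR | S_IWUSR };

int main(void)
{
	printf("current (check_gid on): %d, proposed: %d\n", link_ok_current(&sample_user, &sample_tmpfile, false, true), link_ok_proposed(&sample_user, &sample_tmpfile, false));
	return 0;
}
```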

