Re: VFS: Dynamic umask for the access rights of linked objects

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Feb 28, 2006, at 22:54:15, Hauke Laging wrote:
6) In my scenario the VFS would add a step after 4): It would check if the symlink has been created by someone different from the process's uid and from root. If so there is the risk of abuse and the access check would be repeated for the symlink owner.

7) The VFS would find out that the symlink owner is not allowed to write to /etc/passwd. Thus the write access is prohibited, even for a process with superuser rights.

Feel free to write an LSM to do this, but it breaks POSIX specs a bit and could cause problems with some programs, so it's not likely to become the default behavior.

Cheers,
Kyle Moffett


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux