From: Kristian Fiskerstrand <k_f@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Requirements for UID/GID management
Date: Mon, 30 Jan 2017 19:43:39 +0100 [thread overview]
Message-ID: <dfa56c64-eada-a4f4-46b9-94747aae6180@gentoo.org> (raw)
In-Reply-To: <671d81bc-8432-a903-024f-40e3c19a4f96@gentoo.org>
[-- Attachment #1.1: Type: text/plain, Size: 2129 bytes --]
On 01/30/2017 07:22 PM, Michael Orlitzky wrote:
> On 01/30/2017 01:05 PM, Patrick McLean wrote:
>>
>> No, that is also enabled by default on vanilla kernels, I just verified
>> on my machine running a vanilla kernel. It doesn't matter anyway, since
>> the permissions and ownership information is stored in the inode, not
>> the dentry so all hardlinks have exactly the same permissions.
>>
>
> I don't believe you =P
>
> Check https://github.com/torvalds/linux/blob/master/fs/namei.c:
>
> int sysctl_protected_symlinks __read_mostly = 0;
> int sysctl_protected_hardlinks __read_mostly = 0;
>
> And compare with:
>
> https://gitweb.gentoo.org/proj/linux-patches.git/tree/1510_fs-enable-link-security-restrictions-by-default.patch?h=4.9
>
> The fact that all permission and ownership information is shared is
> precisely the problem. When you change ownership of the hardlink (which
> you'll never know is a hardlink), you change ownership of /etc/shadow.
>
>
To provide some background for this, it was included in mainstream
kernel at one point but caused userland regression in some edge cases so
was removed again.
It is already discussed at least on [0] and it seems the behavior was
turned the other way around in [1]: "In commit 800179c9b8a1 ("This adds
symlink and hardlink restrictions to
the Linux VFS"), the new link protections were enabled by default, in
the hope that no actual application would care, despite it being
technically against legacy UNIX (and documented POSIX) behavior.
However, it does turn out to break some applications. It's rare, and
it's unfortunate, but it's unacceptable to break existing systems, so
we'll have to default to legacy behavior.
"
You'll find some more discussion around this in e.g [bug 540006]
References:
[0] http://lwn.net/Articles/521626/
[1] http://www.spinics.net/lists/stable-commits/msg21052.html
[bug 540006] https://bugs.gentoo.org/show_bug.cgi?id=540006
--
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2017-01-30 18:44 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-27 17:54 [gentoo-dev] Requirements for UID/GID management Michael Orlitzky
2017-01-27 18:19 ` Alexis Ballier
2017-01-27 18:52 ` Rich Freeman
2017-01-27 19:35 ` Michael Orlitzky
2017-01-27 19:53 ` Rich Freeman
2017-01-27 20:09 ` Michael Orlitzky
2017-01-27 21:23 ` Rich Freeman
2017-01-28 3:02 ` [gentoo-dev] " Duncan
2017-01-28 2:37 ` [gentoo-dev] " Patrick McLean
2017-01-28 3:20 ` Michael Orlitzky
2017-01-28 4:21 ` Rich Freeman
2017-01-29 1:56 ` Michael Orlitzky
2017-01-29 2:22 ` Rich Freeman
2017-01-29 2:48 ` Michael Orlitzky
2017-01-29 2:54 ` Michael Orlitzky
2017-01-29 3:23 ` Gordon Pettey
2017-01-29 3:36 ` M. J. Everitt
2017-01-29 3:42 ` Michael Orlitzky
2017-01-29 10:03 ` Ulrich Mueller
2017-01-29 11:16 ` Michał Górny
2017-01-29 17:19 ` Michael Orlitzky
2017-01-29 3:05 ` M. J. Everitt
2017-01-29 8:26 ` Alan McKinnon
2017-01-29 17:05 ` Michael Orlitzky
2017-01-29 17:22 ` A. Wilcox
2017-01-29 19:31 ` james
2017-01-29 22:07 ` Alan McKinnon
2017-01-29 22:20 ` Michael Orlitzky
2017-01-29 22:30 ` Alan McKinnon
2017-01-29 23:04 ` Michael Orlitzky
2017-01-30 14:25 ` Alan McKinnon
2017-01-30 16:29 ` Michael Orlitzky
2017-01-30 18:05 ` Patrick McLean
2017-01-30 18:22 ` Michael Orlitzky
2017-01-30 18:43 ` Kristian Fiskerstrand [this message]
2017-02-03 14:51 ` [gentoo-dev] " Martin Vaeth
2017-02-03 19:29 ` Michael Orlitzky
2017-02-04 8:50 ` Christopher Head
2017-02-04 15:02 ` Michael Orlitzky
2017-02-04 18:03 ` Martin Vaeth
2017-01-28 11:28 ` [gentoo-dev] " James Le Cuirot
2017-01-28 22:54 ` Patrick McLean
2017-01-28 18:13 ` A. Wilcox
2017-01-28 19:32 ` James Le Cuirot
2017-01-28 20:34 ` Rich Freeman
2017-01-28 21:29 ` James Le Cuirot
2017-01-29 17:16 ` A. Wilcox
2017-01-29 17:34 ` James Le Cuirot
2017-01-27 19:45 ` Gregory Woodbury
2017-01-28 11:32 ` Tom H
2017-01-27 21:15 ` Michał Górny
2017-01-28 0:10 ` Michael Orlitzky
2017-01-29 22:13 ` Michael Orlitzky
2017-01-29 23:34 ` Ulrich Mueller
2017-01-29 23:45 ` Michael Orlitzky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dfa56c64-eada-a4f4-46b9-94747aae6180@gentoo.org \
--to=k_f@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox