Re: mount(2) in 2.3.99pre9!!!

From: H. Peter Anvin (hpa@zytor.com)
Date: Thu Jun 01 2000 - 20:00:36 EST


Followup to: <Pine.LNX.4.21.0006020021330.30660-100000@ferret.lmh.ox.ac.uk>
By author: Chris Evans <chris@ferret.lmh.ox.ac.uk>
In newsgroup: linux.dev.kernel
>
> > Yes, we must check that it's not immutable/append-only (the former already
> > checked, the latter... OK, needs to be added). But parent?
> > Look: if we can add/remove on parent the permissions on mountpoint do not
> > matter at all, because of your scenario. So maybe we need to check the
> > parent (+ imm/a-o on the mountpoint, as usual) and to fsck with
> > permissions on the mountpoint...
>
> Sounds cool - as long as we cater for S_ISVTX (I think we do), and
> perform the checks even if a privileged user is doing the operation -
> don't want immutable/append-only circumventions :)
>

It's not. Think of what happens when an unprivileged user creates
10000 aliases of a large directory. Bye-bye, backups...

This really *does* need to be a privileged operation.

        -hpa

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
