Re: hard links create local DoS vulnerability and security problems

[Amon Ott]

On Dienstag, 25. November 2003 01:35, Chris Wright wrote:
> * bill davidsen (davidsen@xxxxxxx) wrote:
> > 
> > While I think you're overblowing the problem, it is an issue which might
> > be addressed in SE Linux or somewhere. I have an idea on that, but I
> > want to look before I suggest anything.
> 
> SELinux controls hard link creation by checking, among other things,
> the security context of the process attempting the link, and the security
> context of the target (oldpath).  Other MAC systems do similar, and some
> patches such as grsec and owl simply disable linking to files the user
> can't read/write to for example.

..and in RSBAC, LINK_HARD has been a controlled separate type of access since 
the very first version back in 1997. It has always been treated like a write 
access to the target file by all decision modules, because of the 
implications mentioned in this thread.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/