Re: Can't hardlink in different dirs. (BUG#826)

Andrea Arcangeli (andrea@suse.de)
Fri, 3 Dec 1999 23:06:27 +0100 (CET)

On Fri, 3 Dec 1999, Alexander Viro wrote:

>Oh, great. So your reasons should pass for arbitrary filesystem, right?

It's always been so. Sorry if I am been not clear. I was talking about the
VFS not about lowlevel fs. I don't either know why coda especially
dislikes hardlinks.

>Let's see: you are not closing any security hole. You are creating
>gratitious incompatibility with everything and sundry, just because you
>can't be bothered to learn standard mechanisms (make a directory
>unavaliable and none of the links there will be cloned). You propose

This works fine for a .gnupg directory but I just don't like to close the
door completly to be sure that an rm will delete my files. I can take in
my home directory useful stuff. I just don't like the idea that when I
delete a file, the same inode could stay allocated somewhere with my
ownership and the admin may think I moved my file there.

>schemes that require root being involved (group creation, for one).

Yes. I think it's a minor issue as you just need root involved also for
sharing rw some file in a limited workgroup.

>Great. Sorry, but count me against that. Submit such patches to Linus, if

Really it seems nobody cares about the implications of the problem and if
nobody needs the change I don't need it either for myself. So probably
it's better to put the change in an unofficial patch (for example in the
Solar's secure-linux patch with the stack not executable stuff?) so very
special cases will have a way to go with linux.

Actually AFIK there's no such a patch floating around but it's very
trivial to implement. Something like that should do the trick. It's not
checking the gid field yet as I am been too lazy (if somebody needs
I can produce a fully featured one).

--- 2.3.30pre3/fs/namei.c.~1~ Sat Oct 16 03:34:52 1999
+++ 2.3.30pre3/fs/namei.c Fri Dec 3 02:14:05 1999
@@ -1204,14 +1204,18 @@
if (dir->d_inode->i_dev != inode->i_dev)
goto exit_lock;

+
+ /* Forbid to hardlink a file not owned by us */
+ error = -EPERM;
+ if (inode->i_uid != current->fsuid)
+ goto exit_lock;
+
/*
* A link to an append-only or immutable file cannot be created.
*/
- error = -EPERM;
if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
goto exit_lock;

- error = -EPERM;
if (!dir->d_inode->i_op || !dir->d_inode->i_op->link)
goto exit_lock;

Andrea

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/