Date: Mon, 24 Nov 2003 16:35:53 -0800
From: Chris Wright <chrisw@osdl.org>
To: bill davidsen <davidsen@tmr.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: hard links create local DoS vulnerability and security problems
Message-ID: <20031124163553.B16684@osdlab.pdx.osdl.net>
References: <200311241736.23824.jlell@JakobLell.de> <bpu5fk$vsn$1@gatekeeper.tmr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <bpu5fk$vsn$1@gatekeeper.tmr.com>; from davidsen@tmr.com on Mon, Nov 24, 2003 at 11:50:12PM +0000
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1229
Lines: 32

* bill davidsen (davidsen@tmr.com) wrote:
> 
> While I think you're overblowing the problem, it is an issue which might
> be addressed in SE Linux or somewhere. I have an idea on that, but I
> want to look before I suggest anything.

SELinux controls hard link creation by checking, among other things,
the security context of the process attempting the link, and the security
context of the target (oldpath).  Other MAC systems do similar, and some
patches such as grsec and owl simply disable linking to files the user
can't read/write to for example.

> Bear in mind it isn't a "problem" it's 'expected behaviour" for the o/s,
> and might even be mentioned in SuS somehow. Interesting topic, but not a
> bug, since the behaviour is as intended.

SuS states:
	
	The implementation may require that the calling process has
	permission to access the existing file.

Note the use of *may*.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/