Linux security non-modules and AppArmor
Posted Jul 6, 2007 8:29 UTC (Fri) by farnz
In reply to: Linux security non-modules and AppArmor
Parent article: Linux security non-modules and AppArmor
You're still facing two problems with hard links:
- I can create a hard link in /tmp to another file in /tmp, and then (assuming suitable partitioning), someone else can move the file or the hard link to /etc. The move creates a hard link from /tmp to /etc, so you'd have to ban use of rename(2) to atomically move files from one location to another.
- Security policy is per-application; any path has multiple different security policies applying to it, depending on which application is accessing it. Working out the union of policies, and only allowing hard links if the union of policies is "safe" is a hard task.
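An added illustration of the first point in the comment above (not part of the original comment): a hard link made between two names in one directory, followed by a rename of one name into a second directory, leaves the same inode reachable under two path prefixes, and a defender can audit for such aliases by inode. The `tmp/` and `etc/` directories are stand-ins created inside a temporary directory, and the function names `alias_via_rename` and `aliases_outside` are hypothetical.

```python
import os
import stat
import tempfile

def alias_via_rename(root):
    """Link a file inside tmp/, then rename the link into etc/.

    tmp/ and etc/ are stand-in directories created under root (constructed
    layout on one filesystem), not the real /tmp and /etc.
    """
    tmp_dir, etc_dir = os.path.join(root, "tmp"), os.path.join(root, "etc")
    os.mkdir(tmp_dir)
    os.mkdir(etc_dir)
    original = os.path.join(tmp_dir, "data")
    with open(original, "w") as fh:
        fh.write("constructed sample content\n")
    alias = os.path.join(tmp_dir, "alias")
    os.link(original, alias)        # second name, still inside tmp/
    moved = os.path.join(etc_dir, "alias")
    os.rename(alias, moved)         # rename(2) moves the name; the inode is unchanged
    a, b = os.stat(original), os.stat(moved)
    return (a.st_dev, a.st_ino) == (b.st_dev, b.st_ino), b.st_nlink, original, moved

def aliases_outside(policy_dir, search_root):
    """Map each multiply-linked file under policy_dir to its names elsewhere."""
    by_inode = {}
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                by_inode.setdefault((st.st_dev, st.st_ino), []).append(path)
    prefix = os.path.join(policy_dir, "")   # trailing separator avoids etc vs etc2 matches
    findings = {}
    for paths in by_inode.values():
        inside = sorted(p for p in paths if p.startswith(prefix))
        outside = sorted(p for p in paths if not p.startswith(prefix))
        if inside and outside:
            findings[inside[0]] = outside
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        same, nlink, original, moved = alias_via_rename(root)
        print("same inode:", same, "link count:", nlink)
        print(aliases_outside(os.path.join(root, "etc"), root))
```

The audit only sees names under `search_root`; a link count higher than the number of names found means another name exists somewhere it did not walk.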