User: Password:
|
|
Subscribe / Log in / New account

Tightening security: not for the impatient

Tightening security: not for the impatient

Posted Jul 6, 2012 19:49 UTC (Fri) by mfedyk (guest, #55303)
In reply to: Tightening security: not for the impatient by kevinm
Parent article: Tightening security: not for the impatient

Since most filesystems do not have a reverse reference from inode to dirents that point to them, you would either have to do a directory tree walk or hope it's already cached in the dcache, which would lead to immeasurable amounts of fun. That, or it would depend on which dirent was used to look up the inode.

No, this hard link change could not be related to directory sticky bit because multiple directories could point to the same inode (hard links).

That said, it would be acceptable IMO if it was activated with a mount option.


(Log in to post comments)

Tightening security: not for the impatient

Posted Jul 9, 2012 3:55 UTC (Mon) by kevinm (guest, #69913) [Link]

It's not the director(ies) where the current links are that matter, it's the directory where the new link is being created that should have to be sticky for the new rules to apply.

It even makes sense, because in a sticky directory you can create hardlinks that you can't then remove, but the same isn't true of nonsticky directories.

It's also unambiguous, and the destination directory of the link already has to be looked up to create the link.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds