| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071218231404.GG8181@ftp.linux.org.uk> Date: Tue, 18 Dec 2007 23:14:04 +0000 From: Al Viro <viro@....linux.org.uk> To: Mark Lord <lkml@....ca> Cc: Alexander Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, Linux Kernel <linux-kernel@...r.kernel.org> Subject: Re: RFC: permit link(2) to work across --bind mounts ? On Tue, Dec 18, 2007 at 11:00:16PM +0000, Al Viro wrote: > On Tue, Dec 18, 2007 at 05:46:21PM -0500, Mark Lord wrote: > > Why does link(2) not support hard-linking across bind mount points > > of the same underlying filesystem ? > > Because it gives you a security boundary around a subtree. PS: that had been discussed quite a few times, but to avoid searches: consider e.g. mount --bind /tmp /tmp; now you've got a situation when users can't create links to elsewhere no root fs, even though they have /tmp writable to them. Similar technics works for other isolation needs - basically, you can confine rename/link to given subtree. IOW, it's a deliberate feature. Note that you can bind a bunch of trees into chroot and get predictable restrictions regardless of how the stuff might get rearranged a year later in the main tree, etc. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists