Architecture and design discussions

headers Bruce Evans | 1 Jan 2007 11:06

On Sun, 31 Dec 2006, Robert Watson wrote:

> I'm not entirely happy with the current implementation, FWIW.  I'd like 
> can_hardlink to be implemented in the per file system code, possibly by 
> invoking a common routine of this sort, avoiding the extra call to 
> VOP_GETATTR(), and allowing file systems not implementing ownership in 
> traditional ways (msdosfs, etc) to do whatever makes sense in their context. 
> On the whole, these sorts of decisions are made in each file system, often 
> using common code (perhaps centralized), and not at the VFS layer.

I think it also has wrong semantics.  It denies privilege based on
non-ownership, while everything that uses vaccess() grants privilege
based on ownership.  This gives the surprising behaviour that if
hardlink_check_gid = 1, the owner of a file can do anything to the
file except link to it in cases where the group of the file isn't in
the caller's group list (and no immutable but is set).

Bruce
_______________________________________________
freebsd-arch <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe <at> freebsd.org"

Mon	Tue	Wed	Thu	Fri	Sat	Sun

1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

81	May 2013
69	April 2013
102	March 2013
162	February 2013
144	January 2013
120	December 2012
129	November 2012
262	October 2012
201	September 2012
93	August 2012
50	July 2012
141	June 2012
74	May 2012
33	April 2012
80	March 2012
114	February 2012
182	January 2012
126	December 2011
173	November 2011
66	October 2011
38	September 2011
222	August 2011
23	July 2011
41	June 2011
36	May 2011
57	April 2011
72	March 2011
29	February 2011
172	January 2011
86	December 2010
77	November 2010
73	October 2010
74	September 2010
85	August 2010
64	July 2010
98	June 2010
86	May 2010
113	April 2010
116	March 2010
39	February 2010
71	January 2010
47	December 2009
43	November 2009
75	October 2009
101	September 2009
51	August 2009
49	July 2009
91	June 2009
99	May 2009
83	April 2009
111	March 2009
73	February 2009
128	January 2009
70	December 2008
75	November 2008
25	October 2008
92	September 2008
143	August 2008
96	July 2008
54	June 2008
115	May 2008
180	April 2008
200	March 2008
202	February 2008
139	January 2008
185	December 2007
141	November 2007
162	October 2007
74	September 2007
75	August 2007
130	July 2007
100	June 2007
218	May 2007
77	April 2007
43	March 2007
54	February 2007
126	January 2007
83	December 2006
125	November 2006
25	October 2006
85	September 2006
63	August 2006
112	July 2006
149	June 2006
112	May 2006
76	April 2006
207	March 2006
61	February 2006
79	January 2006
43	December 2005
98	November 2005
99	October 2005
133	September 2005
241	August 2005
39	July 2005
138	June 2005
153	May 2005
80	April 2005
107	March 2005
49	February 2005
84	January 2005
178	December 2004
132	November 2004
209	October 2004
225	September 2004
125	August 2004
121	July 2004
116	June 2004
115	May 2004
78	April 2004
213	March 2004
111	February 2004
140	January 2004
57	December 2003
93	November 2003
73	October 2003
162	September 2003
89	August 2003
131	July 2003
339	June 2003
367	May 2003
148	April 2003
259	March 2003
329	February 2003
382	January 2003
50	December 2002
117	November 2002
391	October 2002
190	September 2002
161	August 2002
440	July 2002
396	June 2002
277	May 2002
128	April 2002
121	March 2002
1	December 2001

Re: default value of security.bsd.hardlink_check_[ug]id

Re: default value of security.bsd.hardlink_check_[ug]id

usb modems and com devices into GENERIC

Re: usb modems and com devices into GENERIC

Re: default value of security.bsd.hardlink_check_[ug]id

Re: default value of security.bsd.hardlink_check_[ug]id

Re: default value of security.bsd.hardlink_check_[ug]id

Re: usb modems and com devices into GENERIC

Re: usb modems and com devices into GENERIC

Re: usb modems and com devices into GENERIC