Immutable files (Was Re: [security]: kernel ioctl()'s [3])

Peter Benie (pjb1008@cam.ac.uk)
Fri, 02 Jul 1999 18:13:35 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Peter Monta: "Re: How-to?"
Previous message: Alan Cox: "Re: Help with Linux 2.2.10ac6"
In reply to: Alexander Viro: "Re: [security]: kernel ioctl()'s [3]"

Alan Cox writes ("Re: [security]: kernel ioctl()'s [3]"):
> > reasonable thing to do. It should get applied to the 2.3 tree, and
> > perhaps to the 2.2 tree (it really isn't a bug fix as much as it is a
> > new feature, although it's fairly low risk as new features go).
>
> I think its out of the question for 2.2, too much software knows it can
> write to users files as root. You've just broken that unix tradition (quite
> possibly sensibly broken)

I'd like to see a different change to the behaviour of immutability:

Either:
If CAP_IMMUTABLE is set, a process is not affected by the immutable
flag on a file.
Or:
A second capability to allow the change of immutable files.

This would allow the creation of immutable files in a user's directory
or in shared directories without race conditions. It also allows
logging daemons to rotate append-only files.

Since a process with CAP_IMMUTABLE set can remove the flag from a file
anyway, I believe this change has no additional security implications.

Peter

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Monta: "Re: How-to?"
Previous message: Alan Cox: "Re: Help with Linux 2.2.10ac6"
In reply to: Alexander Viro: "Re: [security]: kernel ioctl()'s [3]"