[techtalk] partitioning security (was lilo)

Andrew Wendt awendt at putergeek.com
Wed Jul 25 16:55:18 EST 2001


On July 25, 2001 16:28, coldfire wrote:
> when a softlink is accessed, the softlink contains in it the name of the
> file that it points to.  it isn't recognized as say the file '/tmp/bob'
> but rather '/etc/shadow.'  whereas if it's a hardlink, as far as anyone
> (even you) is concerned, the file it's accessing _is_ '/tmp/bob.'

As far as I know, there have been a lot of security problems relating to 
symlinks in /tmp... So I'm wondering what it really buys you security-wise to 
restrict only the hard links.

> > I don't know the terms 'hard link' and 'soft link', but with a
> > symbolic link created with 'ln -s', the permissions of the
> > source of the link wind up being the permissions of the target.
> > I don't know if/how partitions affect things.
> >
> > However, since it seems hard links can affect security, perhaps
> > someone would like to tell me: what are they? How/why do they
> > create such holes?

Hard links are just what you get when you run "ln" without the -s switch.

> i have to be brief on this .. mail system is going down soon .. but a
> softlink is the same as a symbolic link.  and they are fast.  they do not
> use any data blocks on the filesystem either.  so it's quick, and saves
> space.  however, there exists a maximum size of the target's _name_.  i
> can't remember how big, but it exists.

I think with ext2 a symlink will only not use data blocks if the name it 
points to is short enough, otherwise it will.

> whereas, a hardlink .. an inode contains in it a number associated with
> the file that it points at.  creating a new hardlink just creates another
> inode that points to the same file and increments the 'links count' in the
> inode.

I think you mean that a directory entry contains an inode number for the file 
that it points at. The hard link creates a new directory entry but not a new 
inode...

[16:36:18 andy at andy:~] touch file1
[16:36:20 andy at andy:~] ln file1 file2
[16:36:23 andy at andy:~] ls -li file[12]
 487626 -rw-r--r--   2 andy     users           0 Jul 25 16:36 file1
 487626 -rw-r--r--   2 andy     users           0 Jul 25 16:36 file2

TTFN
Andy
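
Added example (not part of Andy's message or the list archive): a Python sketch that reproduces the shared inode and link count from the `ls -li` output above, shows that a symlink gets its own inode holding the target's name, and applies one defensive check a program can make before trusting a file in a shared directory such as /tmp. The names `describe`, `open_private` and `demo`, and the file names, are assumptions chosen for illustration.

```python
import os
import stat
import tempfile


def describe(path):
    """Return (inode, link_count, kind, symlink_target) without following symlinks."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return st.st_ino, st.st_nlink, "symlink", os.readlink(path)
    return st.st_ino, st.st_nlink, "file", None


def open_private(path):
    """Open for reading, refusing symlinks and files with more than one name."""
    # O_NOFOLLOW makes open() fail (OSError) if the last path component is a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    st = os.fstat(fd)  # inspect the object actually opened, not the name
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise PermissionError(f"{path}: not a singly-linked regular file")
    return fd


def demo():
    """Build file1, a hard link file2 and a symlink sym1 in a scratch directory."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        f1, f2, s1 = (os.path.join(d, n) for n in ("file1", "file2", "sym1"))
        open(f1, "w").close()   # touch file1
        os.link(f1, f2)         # ln file1 file2    -> new directory entry, same inode
        os.symlink(f1, s1)      # ln -s file1 sym1  -> new inode storing the target name
        for name, p in (("file1", f1), ("file2", f2), ("sym1", s1)):
            out[name] = describe(p)
        for name, p in (("sym1", s1), ("file1", f1)):
            try:
                os.close(open_private(p))
                out["open_" + name] = "opened"
            except OSError:
                out["open_" + name] = "refused"
        os.unlink(f2)           # drop the second name; link count returns to 1
        os.close(open_private(f1))
        out["open_file1_after_unlink"] = "opened"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```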



