On Tue, Feb 11, 2020 at 09:18:30AM -0500, Phillip Susi <ph...@thesusis.net> wrote:
> > The effective permissions for a path depend on more than just the
> > permissions of the file it refers to. For example, a root-only readable
> > file can still be changed by normal users if the directory is writable for
> > them.
>
> No, it can't.

Yes it can.

> If the directory is writable, then the user can modify the directory,
> i.e. to rm the file, but they can't modify the file itself.

When you recreate a file with different contents you have modified it.
Anything else is weird word twisting, and not useful in this context - it
doesn't matter how exactly I change a file, as long as I can change it when
I shouldn't be, it is a security bug.

> > effective permissions in ways not expected by the user, by mounting it in
> > an insecure location.
>
> The only way it can change the effective permissions is if you normally
> have it mounted in a directory that uses the traverse/execute permission
> to restrict who can traverse it with the files inside otherwise having

No, there are other possibilities, but that is one way, yes.

> looser permissions, and that amounts to the same thing as just not
> keeping it mounted most of the time.

No, these are very different things.

> filesystem namespace so that it is only mounted to the one user and not
> visible to the rest of the system. Either way, it begs the question:
> why not just set the permissions correctly instead?

Your question is loaded, because it presumes that the correct permissions
are somehow incorrect (a contradiction that any answer would have to accept,
which makes it impossible to answer your question). That is not so, of
course, which I have already pointed out (which begs the question why you
repeat this falsehood :).

> Come to think of it, maybe using filesystem namespaces would be a better
> idea than chmod()ing the /tmp mount point ( and then creating another
> subdirectory in which to actually mount the fs ).

A less portable, more complicated, but altogether valid solution, yes.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schm...@schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
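
The point argued in the message above (a file's own mode bits do not decide whether it can be replaced, the directories above it do), as an added example that is not part of the original thread: a Python audit that walks from a file's parent directory up to a chosen root and reports every directory that would let someone else unlink and recreate the entry. The names `replaceable_via`, `build_sample_tree`, `root` and `trusted_uids` are assumptions of this example, and treating a sticky directory as safe is a simplification.

```python
import os
import stat
import tempfile

def replaceable_via(path, root="/", trusted_uids=(0,)):
    """Return [(directory, [reasons])] for each directory from path's parent
    up to root whose permissions let an untrusted user unlink or rename the
    entry below it, and so replace the file whatever its own mode is."""
    root = os.path.realpath(root)
    current = os.path.dirname(os.path.realpath(path))
    findings = []
    while True:
        st = os.stat(current)
        reasons = []
        if st.st_uid not in trusted_uids:
            # A directory's owner can always grant itself write access.
            reasons.append("owned by untrusted uid %d" % st.st_uid)
        # Simplification: a sticky directory (like /tmp) is treated as safe,
        # since only the entry's owner, the directory's owner or root may
        # remove entries from it.
        if not st.st_mode & stat.S_ISVTX:
            if st.st_mode & stat.S_IWGRP:
                reasons.append("group-writable")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
        if reasons:
            findings.append((current, reasons))
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return findings
        current = parent

def build_sample_tree(dir_mode):
    """Constructed sample: <tmp>/mnt/secret, file 0600, 'mnt' set to dir_mode."""
    base = os.path.realpath(tempfile.mkdtemp())
    mnt = os.path.join(base, "mnt")
    os.mkdir(mnt)
    os.chmod(mnt, dir_mode)  # chmod explicitly so the umask does not interfere
    secret = os.path.join(mnt, "secret")
    with open(secret, "w") as fh:
        fh.write("constructed sample data\n")
    os.chmod(secret, 0o600)
    return base, mnt, secret

if __name__ == "__main__":
    for mode in (0o777, 0o1777, 0o700):
        base, mnt, secret = build_sample_tree(mode)
        me = (os.getuid(),)
        print(oct(mode), replaceable_via(secret, root=base, trusted_uids=me))
```

Run against a real mount point with the default `root="/"` and `trusted_uids=(0,)` to check every ancestor directory, not only the immediate parent.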