[ale] security : options for restricting hard links?
J.M. Taylor
jtaylor at onlinea.com
Wed Mar 12 09:58:57 EST 2003
Been googling all morning since a friend discovered that PHP's
open_basedir restrction does *not* apply to hard links, only symlinks,
which makes sense as PHP has no way of knowing that something is a hard
link.
The impact seems fairly minimal on a well-set-up machine, but it's caught
my attention as a potentially insidious problem that doesn't get mentioned
much (or at all??) in how-to-set-up-a-secure-webserver literature.
So I've been looking into restricting this and so far have found
suggestions for setting chattr flags (tested, don't work) and kernel
patches...but I have to admit having a box hosted elsewhere I'm a bit
leery of adding stuff to the kernel. Openwall, at least, seems to be on
the right track but I want to *completely* prevent linking on a particular
file system (yes, I have good reasons), not just restrict to the right UID
or GID.
Suggestions? Do any of ya'll restrict link creation? What do you use?
TIA
jenn
--
Jenn Taylor
Onlinea Software
jtaylor at onlinea.com
www.onlinea.com
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list