From: jw schultz <jw@pegasys.ws>
To: linux-kernel@vger.kernel.org
Subject: Re: FS: hardlinks on directories
Date: Mon, 4 Aug 2003 21:53:46 -0700
Message-ID: <20030805045346.GC27191@pegasys.ws>
In-Reply-To: <3F2E9145.5090407@namesys.com>

On Mon, Aug 04, 2003 at 09:00:53PM +0400, Hans Reiser wrote:
> If you want hard linked directories, send us a patch for v4. Should be
> VERY easy to write. If there is some reason it is not simple, let me
> know. Discuss it with Vitaly though, it might affect fsck.

I don't recommend it, but if you do, make sure those links can
only be made by root.

SVR3 and earlier allowed manual hardlinking of directories
by root only. They were a real source of problems. It
also confused the dickens out of fsck so it would have to be
restricted or allowed by the filesystem code, not the VFS
layer. I remember playing with it and it was a guarantee
that fsck would have to be run manually.

    $ mkdir A
    $ mkdir B
    $ mkdir C
    $ mkdir A/A1
    $ ln A/A1 B/B1
    $ ln A/A1 C/C1
    $ rmdir A/A1

Assuming we can do this. A1 is an empty directory after all.
Now B1 has a link count of 1, but I'll assume that is OK.

    $ rmdir A

It is after all empty even though the link count is 3.

    $ cd B/B1
    $ /bin/pwd
    cannot stat .

Remember B/B1/.. is A with nlinks==1

    $ cd ..

Now where are you? It used to be called A but now it has no
normal path but can be reached through B/B1/.. It still has
.. so what directory is it linked to that doesn't have an
entry pointing back to it?

Let's have some fun with it.

    $ mkdir A2

Ah, now we have a directory the path to which is B/B1/../A2
We can hide all sorts of stuff here and find will never see
it. It won't get backed up but maybe that doesn't matter.
What a lovely way to hide a rootkit.

If on the other hand you removed A/A1/.. when removing A/A1
you have a B/B1 and C/C1 without ..

Now umount the filesystem and run fsck. B/B1 and C/C1 each
refer to the same directory with no .. or a .. that points
to a third directory with nlinks==1 and no directory entries
except a ..

You can put in a slew of logic to reduce the risks somewhat.
Things like only allowing rmdir somedir when

    somedir->nlinks <= 2 || somedir/.. != .

but that still leaves the issue of where .. is linked and
the potential to bypass parent directory based access
controls such as Linus likes in a way that the admin will
have a hard time identifying.

The issues on a filesystem where .. is simulated would, I
imagine, be different.

--
________________________________________________________________
J.W. Schultz Pegasystems Technologies
email address: jw@pegasys.ws
Remember Cernan and Schmitt
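
Added example (not part of the original message): a toy in-memory model that replays the command sequence above and then runs the connectivity and ".." consistency checks that find, a backup walk or fsck depend on. The ToyFS class, its link/rmdir semantics and the inode numbers are assumptions made for illustration; it touches no real filesystem.

```python
ROOT = 1  # inode of "/" in this constructed toy model (not a real filesystem)
class ToyFS:
    def __init__(self):
        # ino -> {"names": {name: child ino}, "dotdot": parent ino}
        self.dirs = {ROOT: {"names": {}, "dotdot": ROOT}}

    def mkdir(self, parent, name):
        ino = max(self.dirs) + 1
        self.dirs[ino] = {"names": {}, "dotdot": parent}
        self.dirs[parent]["names"][name] = ino
        return ino

    def link(self, target, parent, name):
        # Hypothetical: link() allowed on a directory; its ".." is unchanged.
        self.dirs[parent]["names"][name] = target

    def rmdir(self, parent, name):
        # Assumed: an empty dir is removed by name; inode lives while referenced.
        ino = self.dirs[parent]["names"][name]
        if self.dirs[ino]["names"]:
            raise OSError("directory not empty")
        del self.dirs[parent]["names"][name]
        if not any(ino in d["names"].values() or d["dotdot"] == ino
                   for i, d in self.dirs.items() if i != ino):
            del self.dirs[ino]

def check(fs):
    """Return (dirs no walk from / reaches, dirs whose '..' has no entry back)."""
    seen, stack = set(), [ROOT]
    while stack:  # follow named entries only, as find or a backup does
        ino = stack.pop()
        if ino not in seen:
            seen.add(ino)
            stack.extend(fs.dirs[ino]["names"].values())
    hidden = sorted(set(fs.dirs) - seen)
    bad_dotdot = sorted(i for i, d in fs.dirs.items() if i != ROOT
                        and i not in fs.dirs[d["dotdot"]]["names"].values())
    return hidden, bad_dotdot

def replay():
    fs = ToyFS()
    a, b, c = (fs.mkdir(ROOT, n) for n in "ABC")
    a1 = fs.mkdir(a, "A1")
    fs.link(a1, b, "B1")
    fs.link(a1, c, "C1")
    fs.rmdir(a, "A1")
    fs.rmdir(ROOT, "A")
    a2 = fs.mkdir(fs.dirs[a1]["dotdot"], "A2")  # mkdir A2 from B/B1/..
    return fs, {"A": a, "A1": a1, "A2": a2}
```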