Hi,
I was running 2.4.18-xfs for a long time and recently upgraded to
2.4.19-xfs. I was rereading some posts re security and softlinks with
user EA, the end points seeming to be that it was a bad thing to have
user.* on links. Though I don't see what is wrong with the owner being
able to set user.ea for a softlink they own.
$ touch dummy
$ setfattr --name=user.fred -h --value=foo ./dummy
$ getfattr -n user.fred dummy
# file: dummy
user.fred="foo"
$ ll -d video
lrwxrwx--- 1 ben ben 12 Aug 22 18:59 video ->
/diskzilla/video/
$ setfattr --name=user.fred -h --value=foo ./video
setfattr: ./video: Operation not permitted
Is there a security issue here for setting EA on softlinks that one
owns? I use EA to store icon name, x, y etc info in the object itself,
and anything else I add to get around this will be a poor very app
specific hack. I'm just hopefull that maybe security was maybe tightened
too far or I have made a slip up?
--
-----------------------------------------------------
In this world there are only two tragedies.
One is not getting what one wants,
and the other is getting it.
-- Oscar Wilde
http://witme.sourceforge.net/libferris.web/
|