On Sat, 2002-11-09 at 22:11, Ethan Benson wrote:
> On Sat, Nov 09, 2002 at 09:52:14PM +1000, Ben Martin wrote:
> > $ ll -d video
> > lrwxrwx--- 1 ben ben 12 Aug 22 18:59 video -> /diskzilla/video/
> > $ setfattr --name=user.fred -h --value=foo ./video
> > setfattr: ./video: Operation not permitted
> > Is there a security issue here for setting EA on softlinks that one
> > owns? I use EA to store icon name, x, y etc info in the object itself,
> > and anything else I add to get around this will be a very poor app
> > specific hack. I'm just hopeful that maybe security was tightened
> > too far or I have made a slip-up?
> I don't believe there is a security problem with allowing EA for the
> owner only on symlinks, I think the reason it's not allowed is because
> that would require special casing the security rules for the user.*
> namespace. The user.* namespace is controlled by standard unix file
> permissions (which are supposed to be irrelevant on symlinks). It
> would be messy to add special casing where it's permissions for
> normal files and file owner for symlinks.
Hmm, I agree it would add yet another complication, but without such a
case I think that many userland tools will build functions to do a
similar thing in an app-dependent way (eg, setting normal EA on a .xxx
file for a symlink xxx). I'd love to make 100% sure that the
if( symlink && owner == current-id )
case is hated before I think of other ways around it (which might well
be making the personal patch available to allow the above case).
> Rather than complicate the code in the kernel it's just forbidden to
> set EAs on symlinks at all (unless you're root probably).
> The designers of the xattr interface want to keep the rules for
> various namespaces very clear and consistent, adding special cases
> like this violates that order.
I am wondering if it will make the system too simple for folks other
than myself, who are storing per-object metadata in EA and whose systems
break or display poorly for directories that the user has created
symlinks in. Sort of trying to see if there is a community who thinks
that the special case is worth existing or not.
> Ethan Benson
In this world there are only two tragedies.
One is not getting what one wants,
and the other is getting it.
-- Oscar Wilde
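The experiment at the top of the thread, done through the syscall that `setfattr -h` uses, as an added example that is not part of the thread and not code from either poster. It creates its own scratch directory under /tmp (a constructed location), a regular file and a symlink to it, both owned by the calling user, and asks the kernel for `user.fred=foo` on the link itself via lsetxattr(2). The control call on the regular file is included so the two outcomes can be compared on the same filesystem; the function and attribute names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Scratch layout built by this example (constructed, not from the thread):
 *   <dir>/target  regular file
 *   <dir>/video   symlink -> <dir>/target        */
struct fixture {
    char dir[64];
    char link[80];
    char target[80];
};

/* Set name=value on `path` itself rather than on what it points to;
 * this is the lsetxattr(2) call behind `setfattr -h`.
 * Returns 0 on success, otherwise the errno the kernel reported. */
int set_xattr_nofollow(const char *path, const char *name, const char *value)
{
    if (lsetxattr(path, name, value, strlen(value), 0) == 0)
        return 0;
    return errno;
}

/* Build the scratch directory, the regular file and the symlink.
 * Everything is created by, and therefore owned by, the current user. */
int make_fixture(struct fixture *f)
{
    strcpy(f->dir, "/tmp/xattr-demo-XXXXXX");
    if (mkdtemp(f->dir) == NULL)
        return -1;
    snprintf(f->target, sizeof f->target, "%s/target", f->dir);
    snprintf(f->link, sizeof f->link, "%s/video", f->dir);
    int fd = open(f->target, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    close(fd);
    return symlink(f->target, f->link);
}

void remove_fixture(const struct fixture *f)
{
    unlink(f->link);
    unlink(f->target);
    rmdir(f->dir);
}

/* The thread's case: a user.* attribute on a symlink we own.
 * Returns the errno from the kernel (EPERM is what the thread shows),
 * 0 if the kernel accepted it, -1 if the fixture could not be built. */
int symlink_user_xattr_errno(void)
{
    struct fixture f;
    if (make_fixture(&f) != 0)
        return -1;
    int r = set_xattr_nofollow(f.link, "user.fred", "foo");
    remove_fixture(&f);
    return r;
}

/* Control: the same attribute on the regular file the link points to.
 * 0 where the filesystem supports user xattrs, ENOTSUP where it does not. */
int regular_user_xattr_errno(void)
{
    struct fixture f;
    if (make_fixture(&f) != 0)
        return -1;
    int r = set_xattr_nofollow(f.target, "user.fred", "foo");
    remove_fixture(&f);
    return r;
}

int main(void)
{
    int r = symlink_user_xattr_errno();
    printf("user.fred on symlink:      %s\n", r == 0 ? "ok" : strerror(r));
    r = regular_user_xattr_errno();
    printf("user.fred on regular file: %s\n", r == 0 ? "ok" : strerror(r));
    return 0;
}
```

On current Linux the symlink call fails with EPERM before any filesystem code runs: the VFS permission check for the user.* namespace only admits regular files and directories, and it does not consult the caller's uid or capabilities, so the owner and root get the same answer. The regular-file control is the one that depends on the filesystem (it succeeds where user xattrs are supported and reports ENOTSUP otherwise), which is why a tool that stores per-object metadata in EA has to handle both "not this object type" and "not this filesystem" as separate failure modes.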