[OT] Linux attr vs BSD file flags

fluca1978

fluca1978

Hi,
I'm just curious to understand the real difference between the BSD file flags (chflags(1)) and Linux file attributes. While both seem to do the same, I don't see a Linux concept for secure level and therefore I guess the Linux way of handling this is less secure than the FreeBSD way. Am I wrong?
 
Apparently I was right: inspecting the open.c file in the linux kernel source tree I found that it does the following:

Code: 
if (IS_IMMUTABLE(inode))                                                           
                return -EPERM;

with the macro IS_IMMUTABLE that simply checks the presence of the S_IMMUTABLE flag in the inode. Now comparing it with the FreeBSD source, sys/ufs/ufs/ufs_vnops.c we can see it does:

Code: 
if (ip->i_flags                                                    
                            & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {                  
                                error = securelevel_gt(cred, 0);                           
                                if (error)                                                 
                                        return (error);

So there is a check against the current kernel secure level, that Linux does not seem to do. Now what I am missing is the last coupling between the lchflags() and the vfs_open call (e.g., ufs_open). Is not the secure level tested against each open/write file operation? I cannot see any test in ffs_write (or ffs_extwrite). Any hint?

(I think this thread should be moved)
 
fluca1978 said:
...
So there is a check against the current kernel secure level, that Linux does not seem to do.
Now what I am missing is the last coupling between the lchflags() and the vfs_open call (e.g., ufs_open). Is not the secure level tested against each open/write file operation? I cannot see any test in ffs_write (or ffs_extwrite). Any hint?

(I think this thread should be moved)
Click to expand...

IIRC Linux has no concept which compares to *BSDs security levels.
The flags are only tested when you open a file, later changes to the files' permissions are not taken into account. You can even delete the file after opening it, your handle and the inode stay valid.
 
Crivens said:
IIRC Linux has no concept which compares to *BSDs security levels.
The flags are only tested when you open a file, later changes to the files' permissions are not taken into account. You can even delete the file after opening it, your handle and the inode stay valid.
Click to expand...

Interesting. Does this mean that FreeBSD checks flags before each file operation (e.g., read/write) in the case the open was successful? Can you point me to the implementation of this?
 
You must log in or register to reply here.
Back
Top