Project

General

Profile

Actions

Feature #14545

open

make PRIV_SYS_LINKDIR obsolete

Added by Joshua M. Clulow 7 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
kernel
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:

Description

The ability to use the PRIV_SYS_LINKDIR privilege to link or unlink a directory has been disabled via #14537. Once we're clear that this change did not break anything we should clean up, taking some or all of these actions:

- remove the tuneable introduced by #14537, priv_allow_linkdir
- document PRIV_SYS_LINKDIR as obsolete in privileges(5), or perhaps privileges(7) by then
- update link(2) and unlink(2) to remove mention of the privilege, and to make clear that we no longer support linking or unlinking directories at all

We should also determine whether we need or want to:

- remove the secpolicy_fs_linkdir() symbol, or preserve it as a stub that returns EPERM for out-of-gate consumers
- make a change to the all privilege set or not, as part of this (I am not yet familiar with the exact mechanism here)

It will also be important to verify that actions that don't check for a specific privilege, but rather check for "all zone privileges" (see HAS_ALLZONEPRIVS()) still work as a result; e.g., marking a file setuid root.


Related issues

Blocked by illumos gate - Bug #14537: UFS should not allow directories to be unlinkedClosedJoshua M. Clulow

Actions
Actions #1

Updated by Joshua M. Clulow 7 months ago

  • Blocked by Bug #14537: UFS should not allow directories to be unlinked added
Actions

Also available in: Atom PDF