On Thu, Apr 12, 2007 at 01:34:11PM +0100, Robert Watson wrote:
>
> On Thu, 12 Apr 2007, Bernd Walter wrote:
>
> >>I'm not a big fan of setting these flags -- I fairly frequently run into
> >>problems when I installworld an NFS root on the NFS host, then try to
> >>work with it over NFS from the NFS-booted system, as the flags can't be
> >>removed via NFS. They don't offer a security benefit as-installed, and
> >>perhaps offer a benefit with respect to preventing people from shooting
> >>themselves in the foot (or perhaps not).
> >
> >They do add security benefits for jails. E.g. hardlink system binaries
> >over multiple jails flagged immutable. No jail can compromise the data in
> >other jails, while still allowing the kernel to share memory pages for it.
>
> However, the standard installworld doesn't do this. I don't object to
> the flags existing, it's rather that I think that the incremental benefit
> of the cases where we do set them by default via installworld isn't there.
> If you're going to use schg to protect jails, it basically requires setting
> the flag on all the directories and files that are shared, and that
> wouldn't be a good default either. :-)

Agreed - the base usage of those flags isn't a big win.
Never saw your NFS problem, but that is only because I either cpio'ed my
new host-root directories or updated on the NFS-server in a chroot.
So it was just luck that I did not see it yet.

It would be nice to have them in ZFS for other purposes.

--
B.Walter
http://www.bwct.de http://www.fizon.de
bernd_at_bwct.de info_at_bwct.de support_at_fizon.de

Received on Thu Apr 12 2007 - 11:55:25 UTC
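The thread notes that protecting jails with schg requires the flag on every shared file. As an added example (not code from this thread or from FreeBSD), the following audit lists regular files hardlinked into more than one jail root whose inode lacks schg; the function names and the constructed demo tree are hypothetical.

```python
import os
import stat
import tempfile
from collections import defaultdict

def audit_shared_files(jail_roots):
    """Map (dev, ino) -> paths for regular files hardlinked into more than
    one jail root whose inode does not carry the schg flag."""
    by_inode = defaultdict(lambda: defaultdict(list))  # inode -> root -> paths
    flags = {}
    for root in jail_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or st.st_nlink < 2:
                    continue  # only hardlinked regular files can be shared
                key = (st.st_dev, st.st_ino)
                by_inode[key][root].append(path)
                # st_flags exists only on BSD-like systems; absent means no flags
                flags[key] = getattr(st, "st_flags", 0)
    findings = {}
    for key, roots in by_inode.items():
        if len(roots) >= 2 and not (flags[key] & stat.SF_IMMUTABLE):
            findings[key] = sorted(p for ps in roots.values() for p in ps)
    return findings

def build_demo_tree():
    """Constructed sample input: two jail roots that share bin/sh."""
    base = tempfile.mkdtemp(prefix="jails-")
    a, b = os.path.join(base, "jail_a"), os.path.join(base, "jail_b")
    for root in (a, b):
        os.makedirs(os.path.join(root, "bin"))
    for name in ("sh", "ls"):
        with open(os.path.join(a, "bin", name), "w") as fh:
            fh.write("constructed placeholder\n")
    # bin/sh is one inode visible in both jails and has no schg: a finding
    os.link(os.path.join(a, "bin", "sh"), os.path.join(b, "bin", "sh"))
    # bin/ls is hardlinked only inside jail_a: not shared across jails
    os.link(os.path.join(a, "bin", "ls"), os.path.join(a, "bin", "dir"))
    return [a, b]

if __name__ == "__main__":
    for (dev, ino), paths in audit_shared_files(build_demo_tree()).items():
        print(f"inode {ino} on dev {dev} shared without schg:")
        for p in paths:
            print("   ", p)
```

On a real host the flag would be set from the host side with `chflags schg` on each reported path.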