[DragonFlyBSD - Bug #1469] Hammer history security concern
bugtracker-admin at leaf.dragonflybsd.org
bugtracker-admin at leaf.dragonflybsd.org
Thu Feb 20 07:47:14 PST 2014
Issue #1469 has been updated by tuxillo.
Description updated
Category set to VFS subsystem
Assignee changed from 0 to tuxillo
Target version set to 3.8.0
Grab.
----------------------------------------
Bug #1469: Hammer history security concern
http://bugs.dragonflybsd.org/issues/1469#change-11805
* Author: corecode
* Status: New
* Priority: Normal
* Assignee: tuxillo
* Category: VFS subsystem
* Target version: 3.8.0
----------------------------------------
Hammer history mounts allow access to deleted files.
This can be an issue if you realized that this data should not have been
available in the first place.
An alternate scenario is that group membership changed, and you don't
want the new group members to have access to past data.
I think we should address this in some sort in the release. One way is
to only allow the owner to access the snapshot, and ignore group/other
permissions on snapshots. This is probably very inconvenient,
especially for root owned system directories.
Another way would be to somehow combine current and past owner/flags,
but this is probably hard to reason about.
cheers
simon
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
More information about the Bugs
mailing list