DragonFly bugs List (threaded) for 2009-08
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Hammer history mounts allow access to deleted files.
This can be an issue if you realized that this data should not have been available in the first place.
An alternate scenario is that group membership changed, and you don't want the new group members to have access to past data.
I think we should address this in some sort in the release. One way is to only allow the owner to access the snapshot, and ignore group/other permissions on snapshots. This is probably very inconvenient, especially for root owned system directories.
Another way would be to somehow combine current and past owner/flags, but this is probably hard to reason about.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Hammer history security concern
| From: | "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx> |
| Date: | Fri, 28 Aug 2009 12:56:08 +0200 |
Hammer history mounts allow access to deleted files.
This can be an issue if you realized that this data should not have been available in the first place.
An alternate scenario is that group membership changed, and you don't want the new group members to have access to past data.
I think we should address this in some sort in the release. One way is to only allow the owner to access the snapshot, and ignore group/other permissions on snapshots. This is probably very inconvenient, especially for root owned system directories.
Another way would be to somehow combine current and past owner/flags, but this is probably hard to reason about.
cheers simon
-- <3 the future +++ RENT this banner advert +++ ASCII Ribbon /"\ rock the past +++ space for low CHF NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]