Re: FS: hardlinks on directories

• Previous message: Josef 'Jeff' Sipek: "[PATCH][TRIVIAL][2.6] Bugzilla bug # 939 - wrong documentation"
• In reply to: Jesse Pollard: "Re: FS: hardlinks on directories"
• Next in thread: Jesse Pollard: "Re: FS: hardlinks on directories"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Tue, 5 Aug 2003 02:06:04 +0200
To: Jesse Pollard <jesse@cats-chateau.net>

On Mon, 4 Aug 2003 16:38:17 -0500
Jesse Pollard <jesse@cats-chateau.net> wrote:

> On Monday 04 August 2003 11:35, Stephan von Krawczynski wrote:
> > On Mon, 4 Aug 2003 18:16:57 +0200
> [...]
> Don't do that. It is too insecure.
>
> 1. the structure you describe is FRAGILE. Just adding one more entry
> could/would break the entire structure.
>
> 2. If you mix security structures like this you WILL get a problem.
>
> What you do is copy the declassified data to a nonsecure area (also known
> as released data). This way the user can modify internal cata without
> causing the web server potentially catastrophic releases.
>
> Same with the SQL. Do not attmept to mix sensitive and nonsensitive data
> this way.

Your just kidding, don't you?
Definition of "problem" here is: service got corrupted. It is really of
_no_ interest if the data that was corrupted is "sensitive" or "nonsensitive",
because the only cure in both versions is rewriting from scratch (and dumping
the server of course).
So your possible downtime is just as big in both ways. And nothing else counts.

> If you web server got hacked, how do you prevent the hack from ADDING
> more links? Or adding SQL injections to other applications...

I don't, because it is simply impossible. If you are root on a webserver
everything is lost, no matter if your data is local or nfs-mounted you can
delete, relink or whatever you like at will.
The only thing you _can't_ do is access data that is not exported to your
hacked system. And that's exactly what I am trying to do: don't give any more
data away than absolutely necessary.

Regards,
Stephan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Previous message: Josef 'Jeff' Sipek: "[PATCH][TRIVIAL][2.6] Bugzilla bug # 939 - wrong documentation"
• In reply to: Jesse Pollard: "Re: FS: hardlinks on directories"
• Next in thread: Jesse Pollard: "Re: FS: hardlinks on directories"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: RCU issue with SELinux (Re: SELINUX performance issues) ... to control the audit-log floods. ... This adverse effect is only that audit-logs are printed twice. ... if an entry with the same ssid/tsid/tclass as new ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: [PATCH] ppc64: Fix possible race with set_pte on a present PTE ... places want to actually update just the dirty and accessed bits. ... we should be able to have a BUG() in "set_pte" if the entry ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: [OT] 1500 days uptime. ... root server and a NIS server. ... If anyone is interested in the last entry, I'll see if I can dig itup from ... Lab tests show that use of micro$oft causes cancer in lab animals ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: silent semantic changes with reiser4 ... > There would be only one entry in the dcache. ... The lookup will select ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)