# [OT] Linux attr vs BSD file flags



## fluca1978 (Feb 17, 2012)

Hi,
I'm just curious to understand the real difference between the BSD file flags (chflags(1)) and Linux file attributes. While both seem to do the same, I don't see a Linux concept for _secure level_ and therefore I guess the Linux way of handling this is less secure than the FreeBSD way. Am I wrong?


----------



## fluca1978 (Feb 21, 2012)

Apparently I was right: inspecting the open.c file in the linux kernel source tree I found that it does the following:


```
if (IS_IMMUTABLE(inode))                                                           
                return -EPERM;
```

with the macro IS_IMMUTABLE that simply checks the presence of the S_IMMUTABLE flag in the inode. Now comparing it with the *F*reeBSD source, sys/ufs/ufs/ufs_vnops.c we can see it does:


```
if (ip->i_flags                                                    
                            & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {                  
                                error = securelevel_gt(cred, 0);                           
                                if (error)                                                 
                                        return (error);
```

So there is a check against the current kernel secure level, that Linux does not seem to do. Now what I am missing is the last coupling between the lchflags() and the vfs_open call (e.g., ufs_open). Is not the secure level tested against each open/write file operation? I cannot see any test in ffs_write (or ffs_extwrite). Any hint?

(I think this thread should be moved)


----------



## Crivens (Feb 21, 2012)

fluca1978 said:
			
		

> ...
> So there is a check against the current kernel secure level, that Linux does not seem to do.
> Now what I am missing is the last coupling between the lchflags() and the vfs_open call (e.g., ufs_open). Is not the secure level tested against each open/write file operation? I cannot see any test in ffs_write (or ffs_extwrite). Any hint?
> 
> (I think this thread should be moved)



IIRC Linux has no concept which compares to *BSDs security levels.
The flags are only tested when you open a file, later changes to the files' permissions are not taken into account. You can even delete the file after opening it, your handle and the inode stay valid.


----------



## fluca1978 (Feb 22, 2012)

Crivens said:
			
		

> IIRC Linux has no concept which compares to *BSDs security levels.
> The flags are only tested when you open a file, later changes to the files' permissions are not taken into account. You can even delete the file after opening it, your handle and the inode stay valid.



Interesting. Does this mean that FreeBSD checks flags before each file operation (e.g., read/write) in the case the open was successful? Can you point me to the implementation of this?


----------

