From owner-cvs-all  Mon Apr  6 11:19:59 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA01315
          for cvs-all-outgoing; Mon, 6 Apr 1998 11:19:59 -0700 (PDT)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from spinner.netplex.com.au (spinner.netplex.com.au [202.12.86.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA01269
          for <committers@FreeBSD.ORG>; Mon, 6 Apr 1998 11:19:50 -0700 (PDT)
          (envelope-from peter@netplex.com.au)
Received: from spinner.netplex.com.au (localhost [127.0.0.1])
	by spinner.netplex.com.au (8.8.8/8.8.8/Spinner) with ESMTP id CAA16619;
	Tue, 7 Apr 1998 02:19:28 +0800 (WST)
	(envelope-from peter@spinner.netplex.com.au)
Message-Id: <199804061819.CAA16619@spinner.netplex.com.au>
X-Mailer: exmh version 2.0.2 2/24/98
To: Sean Eric Fagan <sef@kithrup.com>
cc: committers@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/kern vfs_vnops.c src/sys/sys fcntl.h 
In-reply-to: Your message of "Mon, 06 Apr 1998 10:57:11 MST."
             <199804061757.KAA14158@kithrup.com> 
Date: Tue, 07 Apr 1998 02:19:24 +0800
From: Peter Wemm <peter@netplex.com.au>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

Sean Eric Fagan wrote:
> In article <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.or
    g> you write:
> >    sys/kern             vfs_vnops.c 
> >    sys/sys              fcntl.h 
> >  Log:
> >  Implement a new open(2) flag: O_NOFOLLOW.  This will instruct open
> >  to not follow symlinks, but to open a handle on the link itself(!).
> >  As strange as this might sound, it has several useful applications
> >  safe race-free ways of opening files in hostile areas (eg: /tmp, a mode
> >  1777 /var/mail, etc).  It also would allow things like fchown() to work
> >  on the link rather than having to implement a new syscall specifically for
> >  that task.
> 
> This is not a good change.  Sorry.  It should be backed out.
> 
> I can think of lots of reasons -- off the top of my head, it looks like it's
> going to be fairly intrusive -- but the best reason I can think of is:  we're
> going to have to do a new syscall anyway, since other OSes do, and we try to
> be compatible with them.  E.g., NetBSD has an lchown() system call.
> 
> Then there's the issue of standards:  lchown() and lchmod() are fairly
> standard now (having first been implemented over seven years ago).  Doing it
> any other way is, I am afraid, cumbersome and conflicting.

I never said anything about deleting syscalls, or changing other chunks of 
the system to use it.  The main objective was to allow an open (not in 
O_CREAT mode) to be immune to symlinks, the other stuff was a 'gee, it 
wouldn't be too hard to actually make it do something useful instead of 
just returning an errno from open.'

We can't change things like libc to use this because it doesn't exist on
all systems the binary is likely to be run on, and won't cause an error if
the flag is not recognized. (eg: compile a static binary on 3.0 and run it
on 2.x)

Cheers,
-Peter



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message