Date: 11 Apr 1998 14:51:55 +0200 From: Wolfram Schneider <wosch@cs.tu-berlin.de> To: =?koi8-r?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru> Cc: freebsd-fs@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/mount mntopts.h mount.8 mount.c src/sys/kern vfs_lookup.c vfs_syscalls.c vfs_vnops.c src/sys/sys mount.h Message-ID: <p1iemz4frmc.fsf@panke.panke.de> In-Reply-To: =?koi8-r?B?4c7E0sXKIP7F0s7P1w==?='s message of Wed, 8 Apr 1998 22:48:34 %2B0400 References: <199804081832.LAA04184@freefall.freebsd.org> <19980408224834.38476@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
=?koi8-r?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru> writes: > On Wed, Apr 08, 1998 at 11:32:00AM -0700, Wolfram Schneider wrote: > > wosch 1998/04/08 11:32:00 PDT > > Modified files: > > sbin/mount mntopts.h mount.8 mount.c > > sys/kern vfs_lookup.c vfs_syscalls.c vfs_vnops.c > > sys/sys mount.h > > Log: > > New mount option nosymfollow. If enabled, the kernel lookup() > > function will not follow symbolic links on the mounted > > file system and return EACCES (Permission denied). > > Why? [moved to freebsd-fs] A security workaround. There was a discussion in freebsd-fs some month ago about this patch and nobody objected. > If you care of /tmp, it can be easily overwritted with TMPDIR env. > variable as peter points. Correctly written programs are not the problem ;-) The *thousends* poorly implemented programs are a security risk. How do you want fix a binary only package, e.g. ORACLE? -- Wolfram Schneider <wosch@freebsd.org> http://www.freebsd.org/~wosch/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p1iemz4frmc.fsf>