From owner-cvs-all  Fri Apr 10 05:44:07 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA29396
          for cvs-all-outgoing; Fri, 10 Apr 1998 05:44:07 -0700 (PDT)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from zero.aec.at (qmaill@zero.aec.at [193.170.192.102])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id FAA29309
          for <cvs-committers@FreeBSD.ORG>; Fri, 10 Apr 1998 05:43:59 -0700 (PDT)
          (envelope-from andi@zero.aec.at)
Received: (qmail 30928 invoked by uid 573); 10 Apr 1998 11:41:18 -0000
To: Wolfram Schneider <wosch@FreeBSD.ORG>
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-sbin@FreeBSD.ORG,
        cvs-sys@FreeBSD.ORG
Subject: Re: cvs commit: src/sbin/mount mntopts.h mount.8 mount.c src/sys/kern          vfs_lookup.c vfs_syscalls.c vfs_vnops.c src/sys/sys mount.h
References: <199804081832.LAA04184@freefall.freebsd.org>
From: Andi Kleen <ak@muc.de>
Date: 10 Apr 1998 13:41:18 +0200
In-Reply-To: Wolfram Schneider's message of Wed, 8 Apr 1998 11:32:00 -0700 (PDT)
Message-ID: <k2emz5oqe9.fsf@zero.aec.at>
Lines: 18
X-Mailer: Gnus v5.4.41/Emacs 19.34
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

Wolfram Schneider <wosch@FreeBSD.ORG> writes:

> wosch       1998/04/08 11:32:00 PDT
> 
>   Modified files:
>     sbin/mount           mntopts.h mount.8 mount.c 
>     sys/kern             vfs_lookup.c vfs_syscalls.c vfs_vnops.c 
>     sys/sys              mount.h 
>   Log:
>   New mount option nosymfollow. If enabled, the kernel lookup()
>   function will not follow symbolic links on the mounted
>   file system and return EACCES (Permission denied).

Note that this is not enough alone to prevent /tmp races. A malicious
user can still use a named pipe to feed the victim changed data.


-Andi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message