Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 07 Apr 1998 02:19:24 +0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Sean Eric Fagan <sef@kithrup.com>
Cc:        committers@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/kern vfs_vnops.c src/sys/sys fcntl.h 
Message-ID:  <199804061819.CAA16619@spinner.netplex.com.au>
In-Reply-To: Your message of "Mon, 06 Apr 1998 10:57:11 MST." <199804061757.KAA14158@kithrup.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Sean Eric Fagan wrote:
> In article <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.or
    g> you write:
> >    sys/kern             vfs_vnops.c 
> >    sys/sys              fcntl.h 
> >  Log:
> >  Implement a new open(2) flag: O_NOFOLLOW.  This will instruct open
> >  to not follow symlinks, but to open a handle on the link itself(!).
> >  As strange as this might sound, it has several useful applications
> >  safe race-free ways of opening files in hostile areas (eg: /tmp, a mode
> >  1777 /var/mail, etc).  It also would allow things like fchown() to work
> >  on the link rather than having to implement a new syscall specifically for
> >  that task.
> 
> This is not a good change.  Sorry.  It should be backed out.
> 
> I can think of lots of reasons -- off the top of my head, it looks like it's
> going to be fairly intrusive -- but the best reason I can think of is:  we're
> going to have to do a new syscall anyway, since other OSes do, and we try to
> be compatible with them.  E.g., NetBSD has an lchown() system call.
> 
> Then there's the issue of standards:  lchown() and lchmod() are fairly
> standard now (having first been implemented over seven years ago).  Doing it
> any other way is, I am afraid, cumbersome and conflicting.

I never said anything about deleting syscalls, or changing other chunks of 
the system to use it.  The main objective was to allow an open (not in 
O_CREAT mode) to be immune to symlinks, the other stuff was a 'gee, it 
wouldn't be too hard to actually make it do something useful instead of 
just returning an errno from open.'

We can't change things like libc to use this because it doesn't exist on
all systems the binary is likely to be run on, and won't cause an error if
the flag is not recognized. (eg: compile a static binary on 3.0 and run it
on 2.x)

Cheers,
-Peter



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804061819.CAA16619>