Date: Mon, 6 Apr 1998 22:16:22 +0400 From: =?koi8-r?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru> To: Sean Eric Fagan <sef@kithrup.com>, peter@FreeBSD.ORG Cc: committers@FreeBSD.ORG Subject: Re: cvs commit: src/sys/kern vfs_vnops.c src/sys/sys fcntl.h Message-ID: <19980406221622.37671@nagual.pp.ru> In-Reply-To: <199804061757.KAA14158@kithrup.com>; from sef@kithrup.com on Mon, Apr 06, 1998 at 10:57:11AM -0700 References: <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.org> <199804061757.KAA14158@kithrup.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> In article <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.org> you write: > > sys/kern vfs_vnops.c > > sys/sys fcntl.h > > Log: > > Implement a new open(2) flag: O_NOFOLLOW. This will instruct open > > to not follow symlinks, but to open a handle on the link itself(!). > > As strange as this might sound, it has several useful applications > > safe race-free ways of opening files in hostile areas (eg: /tmp, a mode > > 1777 /var/mail, etc). It also would allow things like fchown() to work > > on the link rather than having to implement a new syscall specifically for > > that task. If we talk about /tmp links security problem, this change require modification of each application, which isn't sounds well. Better hack will be to treat 't' bit of directory as 'not follow symlink' instruction in the kernel. It autoumatically fix all known /tmp races without applications modification. -- Andrey A. Chernov http://www.nagual.pp.ru/~ache/ MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980406221622.37671>