In article <Pine.GSO.4.10.10006170117280.676-100000@weyl.math.psu.edu>,
Alexander Viro <viro@math.psu.edu> writes:
> On 17 Jun 2000, Ton Hospel wrote:
>
> [following broken symlinks]
>
>> I think mknod (and possibly bind) should. They are more of a
>> "creating a file" thing, while link and symlink are more namespace
>> games.
>
> Welcome to userland races. Please, grep the BUGTRAQ archives - you'll find
> root exploits based on these.
>
I could just as well argue that the PROGRAM is wrong in making the wrong
assumptions about behaviour of symlinks. Unless there is NOW a standard
that says syumplinks to mknod/bind should not be followed (I know of
none like that currently).
Just as programs that create /tmp files and follow symlinks to e.g.
/etc/passwd should not lead to "don't follow symlinks in /tmp", but
"the program is buggy".
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:14 EST