Re: unregistered changes to the user<->kernel API

From: Alexander Viro (viro@math.psu.edu)
Date: Thu Jun 14 2001 - 13:10:01 EST


On Thu, 14 Jun 2001, Richard Henderson wrote:

> Yes, I saw those. What is the effect of O_NOFOLLOW? To not
> follow symbolic links when opening the file. If you open a
> regular file, in effect nothing happens. Moreover, if these
> opens were not finding files now, the system wouldn't work.
>
> So: the effect, I suppose, is (1) disabling some security
> within glibc, and (2) making these accesses slower since they
> will be considered O_DIRECT after the change.
>
> Which doesn't seem that life-threatening to me.

O_NOFOLLOW is used to deal with symlink attacks. Breaking it means
that for quite a few binaries you are opening security holes. And
since it's a flagday change, you'll get the situation when no version
will work for all kernels. Bad idea, IMO.
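The behaviour under discussion, as an added example that is not part of the original message: a C program that opens a regular file and a symlink to it with and without O_NOFOLLOW on Linux. The scratch directory, the file names and the helpers `try_open` and `nofollow_demo` are constructed for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Open path read-only with extra flags; return 0 on success, else errno. */
static int try_open(const char *path, int extra)
{
    int fd = open(path, O_RDONLY | extra);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Create a scratch dir holding a regular file and a symlink to it, then record
 * res[0]=file plain, res[1]=file+O_NOFOLLOW, res[2]=link plain, res[3]=link+O_NOFOLLOW.
 * A caller whose O_NOFOLLOW bit the running kernel does not interpret as
 * O_NOFOLLOW gets the "plain" result: the link is silently followed. */
int nofollow_demo(int res[4])
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";   /* constructed name */
    char file[64], link[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(file, link) != 0)
        return -1;
    close(fd);
    res[0] = try_open(file, 0);
    res[1] = try_open(file, O_NOFOLLOW);   /* regular file: flag has no effect */
    res[2] = try_open(link, 0);            /* symlink followed */
    res[3] = try_open(link, O_NOFOLLOW);   /* symlink refused by the kernel */
    unlink(link); unlink(file); rmdir(dir);
    return 0;
}

int main(void)
{
    int r[4];
    if (nofollow_demo(r) != 0) { perror("setup"); return 1; }
    printf("file: plain=%s nofollow=%s\n", strerror(r[0]), strerror(r[1]));
    printf("link: plain=%s nofollow=%s\n", strerror(r[2]), strerror(r[3]));
    return 0;
}
```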




This archive was generated by hypermail 2b29 : Fri Jun 15 2001 - 21:00:23 EST