Re: How does chown(2) works with symlinks?

Todd Graham Lewis (tlewis@mindspring.com)
Mon, 8 Jul 1996 11:27:58 -0400


On 8 Jul 1996, Thomas Koenig wrote:

> In linux.dev.kernel, Linus Torvalds <torvalds@cs.helsinki.fi> wrote:
>
> >which should always work the way you expect. If you use "chown()" on the
> >pathname it will change the symlink itself (if you think about it, that is
> >actually the reasonable behaviour: otherwise you could never change the owner
> >of the symlink).
>
> This also protects against all sorts of nasty games with symlinks,
> for example the well-known xterm bug, where the program did, as root,
>
> open("somefile");
> <=== user could do a "rm somefile; ln -s /etc/profile somefile"
> chown("somefile", user, group);

Indeed. For an analysis of this class of security "features", see
_Computing Systems_, Vol. 9, no. 2, p 131, "Checking for Race Conditions
in File Access" by Matt Bishop and Michael Dilger.

Turns out aside from the xterm bug there was also a sendmail bug
(surprise!) that they got Allman to fix. Neat stuff.

_____________________________________________________________________
Todd Graham Lewis Core Engineering Mindspring Enterprises
tlewis@mindspring.com (Standard Disclaimers) (800) 719 4664, x2804
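
The open()-then-chown()-by-name window quoted above, as an added C example that is not part of the original message: it re-points the name after the open and reports which object a name-based call and a descriptor-based call would each act on, then changes ownership through the descriptor with fchown(2). The function name, result flags and temporary paths are assumptions made for illustration; on current Linux chown(2) follows symlinks and lchown(2) acts on the link itself.

```c
/* Added example: temp files stand in for "somefile" and /etc/profile. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result bits: which object each kind of call acts on after the swap. */
enum { PATH_HITS_TARGET = 1, LINK_SEEN = 2, FD_HITS_ORIGINAL = 4, FCHOWN_OK = 8 };

int symlink_swap_demo(void)
{
    char dir[] = "/tmp/chown-race-XXXXXX", file[64], target[64];
    struct stat orig, tgt, by_path, by_link, by_fd;
    int fd = -1, tfd = -1, result = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/somefile", dir);
    snprintf(target, sizeof target, "%s/target", dir);

    /* Constructed setup: the file the program opens, and an unrelated target. */
    tfd = open(target, O_CREAT | O_WRONLY, 0600);
    fd = open(file, O_CREAT | O_WRONLY | O_NOFOLLOW, 0600);
    if (tfd < 0 || fd < 0 || fstat(fd, &orig) || fstat(tfd, &tgt)) goto out;

    /* The window between open() and chown(): the name is re-pointed. */
    if (unlink(file) || symlink(target, file)) goto out;
    if (stat(file, &by_path) || lstat(file, &by_link) || fstat(fd, &by_fd)) goto out;

    result = 0;
    /* stat() resolves the name like a symlink-following chown(path) would. */
    if (by_path.st_ino == tgt.st_ino && by_path.st_dev == tgt.st_dev) result |= PATH_HITS_TARGET;
    /* lstat() sees the link itself, the object lchown(path) acts on. */
    if (S_ISLNK(by_link.st_mode)) result |= LINK_SEEN;
    /* The descriptor still names the inode that was opened. */
    if (by_fd.st_ino == orig.st_ino && by_fd.st_ino != tgt.st_ino) result |= FD_HITS_ORIGINAL;
    /* Hardened form: change ownership through the descriptor, not the name. */
    if (fchown(fd, geteuid(), getegid()) == 0) result |= FCHOWN_OK;
out:
    if (fd >= 0) close(fd);
    if (tfd >= 0) close(tfd);
    unlink(file); unlink(target); rmdir(dir);
    return result;
}
```

A privileged program that must work by name can compare the `st_dev`/`st_ino` pair from `fstat()` on its descriptor with the one from `lstat()` on the path and refuse to continue when they differ.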