Re: security warning

Albert D. Cahalan (
Tue, 16 Dec 1997 12:40:19 -0500 (EST)

>> I would strongly suggest the following patch:
>> I hope that patch gets in the kernel soon, default to "Y".
> Why do we want a patch breaking symbolic links and several applications.

Nobody has shown an application that breaks.

This would be 100% standard compliant behavior:

1. The sticky bit on directories has vaguely defined behavior.
Standards tend to add "has appropriate privileges", which
is a way to say "you could be MVS or NT and do weird stuff".

2. Link creation requires undefined "access" -- owner in this case.
Again, it is a way to let strange security policies be legal.

> Fix the applications or fix the use of /tmp even better still.

That will never happen. There are too many clueless software
developers in the world. Even commercial software (no source code)
has this kind of bug.

This is like trying to fix all the stack overflows: good luck!
Maybe we should rewrite everything in Pascal to be safe.