Re: security warning

Kevin Buhr (
16 Dec 1997 13:59:18 -0600 (Alan Cox) writes:
> There is a symlink bug in 2.1.x but this isnt it. The one that needs fixing
> is open O_EXCL and O_CREAT ahouldnt follow or ignore existing symlinks
> dangling or otherwise. That broke somewhere with dentries and hasnt yet
> got fixed to be correct as 2.0 is. Without this sendmail and stuff arent
> terribly secure on 2.1.x.

While we're at it, note that hardlink creation follows symlinks. That

touch foo
ln -s bar bar-symlink
perl -e 'link "foo", "bar-symlink"'

hard links "bar" to "foo". (GNU "ln" is too smart for its own good,
so "ln foo bar-symlink" doesn't work.) Therefore, programs using
"create, hardlink, and stat" file locking in place of O_EXCL|O_CREATE
face a similar security problem.

Thomas's comments in "fs/namei.c" refer to this situation; it looks
like Solaris, SunOS, and HP-UX all handle things differently.

I'm not sure what to suggest. While a case can be made that following
symlinks on hardlinking is sensible, in the delicate situations where
hardlinks are actually ever *used*, symlinks are typically unexpected;
it seems best to not follow them, at least on the destination.

Kevin <>

P.S. Thomas, patch your name into the CREDITS file.