Re: security warning

Wolfgang Walter (
Wed, 17 Dec 1997 16:27:10 +0100

On Tue, Dec 16, 1997 at 12:31:52PM -0800, Linus Torvalds wrote:
> On Tue, 16 Dec 1997, Alan Cox wrote:
> >
> > > I'm not sure what to suggest. While a case can be made that following
> > > symlinks on hardlinking is sensible, in the delicate situations where
> > > hardlinks are actually ever *used*, symlinks are typically unexpected;
> > it seems best to not follow them, at least on the destination.
> >
> > Creation in general following a link is bad
> This is easy to change (change a 1 to a 0 in the appropriate places), but
> it really isn't bad - it's what most modern UNIXes will do (the "creat"
> part), and it does have some advantages.
> I think Linux currently allows following a symlink for just about anything
> (mkdir(), link()) etc, which is partly just because it's so easy to do
> with the new dentry scheme, and it is consistent. Most other unixes seem
> to allow symlink following for some things (creat) but not others (mkdir).

Following the book of W.R. Stevens this is indeed the 'standard', only
rename, remove, readlink, lstat and lchown do not follow a link, and chown
does on some systems.

This is not the point, I think, the real problem is that the behaviour in the
creat change from 2.0 to 2.2 so some important programs have at least to be
recompiled (if they detect the different behaviours in the configuration

Maybe this should be configurable via a sysctl-call (or even better, on a
per process base, too).

Wolfgang Walter