Re: PATCH against 2.1.72: better symlinks for a better future (was Re: security warning)

Linus Torvalds (
Wed, 17 Dec 1997 08:55:55 -0800 (PST)

On 16 Dec 1997, Kevin Buhr wrote:
> Okay. Here's the story. The enclosed patch against 2.1.72 does two
> things.
> First, it handles O_CREAT|O_EXCL as a special case, EEXISTing on
> symlinks, dangling or not. This is the same way Solaris 2.5.1 does
> it, as documented in its open(2) manpage. Despite the inconsistency,
> this seems the most sensible/compatible solution.

Agreed. I'm still surprised that 2.0.x reportedly does not do this as I
_know_ I wrote the code to follow symlinks for creating a file. It must
have been broken at some point..

Anyway, the check for O_CREAT|O_EXCL makes perfect sense.

> Second, it doesn't follow symlinks on hardlink newnames. It *does*
> follow them on hardlink oldnames. This is the same as Digital Unix 4.0.

Ok. What about mkdir() and friends? mkdir() still follows symlinks and
I've used that to great advantage (fooling installation programs to
install in another place than they thought they would), but whether it is
a feature worth having is unclear. Again, disabling this is just a matter
of changing another 1 to a 0..