Re: security warning

Linus Torvalds (torvalds@transmeta.com)
Tue, 16 Dec 1997 12:31:52 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Felix Schroeter: "Re: Open() UNIX socket = socket() + connect() ?"
Previous message: Alan Cox: "Re: security warning"
In reply to: Linus Torvalds: "Re: security warning"
Reply: Linus Torvalds: "Re: security warning"

On Tue, 16 Dec 1997, Alan Cox wrote:
>
> > I'm not sure what to suggest. While a case can be made that following
> > symlinks on hardlinking is sensible, in the delicate situations where
> > hardlinks are actually ever *used*, symlinks are typically unexpected;
> it seems best to not follow them, at least on the destination.
>
> Creation in general following a link is bad

This is easy to change (change a 1 to a 0 in the appropriate places), but
it really isn't bad - it's what most modern UNIXes will do (the "creat"
part), and it does have some advantages.

I think Linux currently allows following a symlink for just about anything
(mkdir(), link()) etc, which is partly just because it's so easy to do
with the new dentry scheme, and it is consistent. Most other unixes seem
to allow symlink following for some things (creat) but not others (mkdir).

Linus

Next message: Felix Schroeter: "Re: Open() UNIX socket = socket() + connect() ?"
Previous message: Alan Cox: "Re: security warning"
In reply to: Linus Torvalds: "Re: security warning"
Reply: Linus Torvalds: "Re: security warning"