Re: security warning

Linus Torvalds (torvalds@transmeta.com)
Tue, 16 Dec 1997 14:24:22 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: security warning"
Previous message: Alan Cox: "Re: security warning"
In reply to: Linus Torvalds: "Re: security warning"
Reply: Linus Torvalds: "Re: security warning"

On Tue, 16 Dec 1997, Alan Cox wrote:
>
> One problem is it follows it for a lot more than it used to. Following symlinks
> on creation is bad. It causes a lot of "symlink traps". 2.0 stamps on the
> symlink and tough the hacker loses.

No, 2.0.x also followed symlinks for create(), I'm fairly certain. It used
to be pretty painful to do, actually, but others did it, and I think
people even pointed to programs that wanted it done.

But yes, 2.1.x would tend to do it more aggressively for other things than
just create().

> I'll have a look at the stuff if its supposed to be easy to fix 8)

It really should be a matter of just making a 1 (follow_links) a 0.

Linus

Next message: Alan Cox: "Re: security warning"
Previous message: Alan Cox: "Re: security warning"
In reply to: Linus Torvalds: "Re: security warning"
Reply: Linus Torvalds: "Re: security warning"