From owner-freebsd-security Tue Feb 27 09:37:37 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA06157 for security-outgoing; Tue, 27 Feb 1996 09:37:37 -0800 (PST) Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA06152 for ; Tue, 27 Feb 1996 09:37:34 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by Root.COM (8.6.12/8.6.5) with SMTP id IAA07339; Tue, 27 Feb 1996 08:46:14 -0800 Message-Id: <199602271646.IAA07339@Root.COM> X-Authentication-Warning: implode.Root.COM: Host localhost didn't use HELO protocol To: Bruce Evans cc: msmith@comtch.iea.com, nlawson@kdat.csc.calpoly.edu, security@FreeBSD.org Subject: Re: Suspicious symlinks in /tmp In-reply-to: Your message of "Wed, 28 Feb 1996 02:03:09 +1100." <199602271503.CAA03513@godzilla.zeta.org.au> From: David Greenman Reply-To: davidg@Root.COM Date: Tue, 27 Feb 1996 08:46:14 -0800 Sender: owner-security@FreeBSD.org Precedence: bulk >>However, the bug that I have seen for quite a while and complained about is >>that a symlink is owned by the owner of the file it points to, not by the >>creator of the symlink. That is a bad idea and I really can't see the logic >>behind doing that. > >>Could someone explain this behavior? > >The symlink is owned by the owner of its parent directory. > >I think this is to conform to future POSIX standards. Many other things >involving symlinks changed in 4.4lite. See `man 7 symlink'. NetBSD recently went back to the previous/traditional behavior for symlinks. I think we should too - the "new" model is incompatible with sticky bit directories. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project