From owner-freebsd-security  Mon Mar 15  1:46:18 1999
Delivered-To: freebsd-security@freebsd.org
Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10])
	by hub.freebsd.org (Postfix) with ESMTP id DB2B514FA9
	for <freebsd-security@FreeBSD.ORG>; Mon, 15 Mar 1999 01:46:01 -0800 (PST)
	(envelope-from peter.jeremy@auss2.alcatel.com.au)
Received: by border.alcanet.com.au id <40331>; Mon, 15 Mar 1999 19:33:24 +1000
Date: Mon, 15 Mar 1999 19:45:37 +1000
From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
Subject: Re: ACL's
To: freebsd-security@FreeBSD.ORG
Message-Id: <99Mar15.193324est.40331@border.alcanet.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

James Wyatt <jwyatt@RWSystems.net> wrote:
>Anyone else remember the UseNet wag who said "Symlinks can turn your
>filesystem tree into a bramblebush."? Rich Salz, perhaps? - Jy@

There's also `symbolic links: GOTO's for filesystems'.  Unfortunately,
I don't remember the attribution.

patl@phoenix.volant.org wrote:
>  (It can
>detect a lost race condition by opening the file, doing the unlink,
>then checking the link count on the open fd before closing.)
And if this check fails, what should it do?  It can't replace the link.

Robert Watson <robert@cyrus.watson.org> wrote:
>The s/owned/writable by/ change suggested sounds reasonable also.  I
>update my request for broken features and/or security holes given this
>change:
>
>link(thefile, newname) will succeed only if open(thefile, O_RDWR) would
>have succeeded, and if open(newname, O_CREAT, 0) would have succeeded.

This sounds much better than my suggestion to chmod the file.  I can't
think of any breakage offhand.

Peer


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message