From owner-freebsd-fs  Fri Apr 10 07:54:55 1998
Return-Path: <owner-freebsd-fs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA19904
          for freebsd-fs-outgoing; Fri, 10 Apr 1998 07:54:55 -0700 (PDT)
          (envelope-from owner-freebsd-fs@FreeBSD.ORG)
Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA19678
          for <freebsd-fs@freebsd.org>; Fri, 10 Apr 1998 07:54:11 -0700 (PDT)
          (envelope-from wosch@cs.tu-berlin.de)
Received: from panke.panke.de (anonymous233.ppp.cs.tu-berlin.de [130.149.17.233])
	by mail.cs.tu-berlin.de (8.8.8/8.8.8) with ESMTP id QAA17282;
	Fri, 10 Apr 1998 16:48:08 +0200 (MET DST)
Received: (from wosch@localhost) by panke.panke.de (8.8.5/8.6.12) id QAA00959; Fri, 10 Apr 1998 16:45:06 +0200 (MET DST)
Message-ID: <19980410164505.27668@panke.de>
Date: Fri, 10 Apr 1998 16:45:05 +0200
From: Wolfram Schneider <wosch@cs.tu-berlin.de>
To: Andi Kleen <ak@muc.de>
Cc: freebsd-fs@FreeBSD.ORG
Subject: Re: cvs commit: src/sbin/mount mntopts.h mount.8 mount.c src/sys/kern          vfs_lookup.c vfs_syscalls.c vfs_vnops.c src/sys/sys mount.h
References: <199804081832.LAA04184@freefall.freebsd.org> <k2emz5oqe9.fsf@zero.aec.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.79
In-Reply-To: <k2emz5oqe9.fsf@zero.aec.at>; from Andi Kleen on Fri, Apr 10, 1998 at 01:41:18PM +0200
Sender: owner-freebsd-fs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 1998-04-10 13:41:18 +0200, Andi Kleen wrote:
> > wosch       1998/04/08 11:32:00 PDT
> >   Modified files:
> >     sbin/mount           mntopts.h mount.8 mount.c 
> >     sys/kern             vfs_lookup.c vfs_syscalls.c vfs_vnops.c 
> >     sys/sys              mount.h 
> >   Log:
> >   New mount option nosymfollow. If enabled, the kernel lookup()
> >   function will not follow symbolic links on the mounted
> >   file system and return EACCES (Permission denied).
> 
> Note that this is not enough alone to prevent /tmp races. A malicious
> user can still use a named pipe to feed the victim changed data.

[moved to freebsd-fs]

I can add a nonamedpipe option ;-)

A named pipe race is much harder to implement than a symlink race.
How do you avoid dead locks?

-- 
Wolfram Schneider   <wosch@freebsd.org>   http://www.freebsd.org/~wosch/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message