Date: Tue, 15 Jun 1999 16:56:32 +1000 From: Stephen McKay <syssgm@detir.qld.gov.au> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: "Chuck Youse" <cyouse@cybersites.com>, hackers@FreeBSD.ORG, "Marc Ramirez" <mrami@gbtb.com>, syssgm@detir.qld.gov.au Subject: Re: symlink question Message-ID: <199906150656.QAA04733@nymph.detir.qld.gov.au> In-Reply-To: <2743.929428404@zippy.cdrom.com> from "Jordan K. Hubbard" at "Mon, 14 Jun 1999 23:33:24 -0700" References: <2743.929428404@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday, 14th June 1999, "Jordan K. Hubbard" wrote:
>> symlinks have caused me grief (Pyramid OSx) and never joy. I hope it fails
>> yet again to appear in FreeBSD. Just think of the new security holes for a
>> start.
>
>Name one, please. You can currently point a symlink anyplace you
>like; whether the user has permission to *read* or execute the target
>of the link, however, is where the genuine system administration takes
>over. How the actual value is derived shouldn't make that much
>difference. :)
Yes, symlinks caused (still cause?) havoc when introduced! And with
variant symlinks, you lose the ability to statically verify where things
go. A safe symlink (right now) becomes a dangerous one not when the file
system is changed, but when some transient variable changes. I don't like
that at all. I don't want to have to think through all the consequences.
You might consider this sort of shifting of the goal posts (the subtle change
to the behaviour of absolutely every program) as a minor inconvenience, and
acceptable in order to gain the benefits of variant links. I don't think
that way, partially because I don't see them as a real benefit, with more
"wow" effect than real utility. Everyone points out the /${ARCH}/bin
use, but that can be done in other ways (eg just set PATH) that don't
cost much (admin time or cpu time).
Stephen.
PS On second thoughts, I think Mackin was pointing and exclaiming at a
Tektronix workstation. Did they have variant links?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906150656.QAA04733>