From owner-freebsd-bugs  Tue May  6 22:23:40 1997
Return-Path: <owner-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id WAA02255
          for bugs-outgoing; Tue, 6 May 1997 22:23:40 -0700 (PDT)
Received: from xkis.kis.ru (dv@xkis.kis.ru [194.87.66.200])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA02226
          for <freebsd-bugs@freebsd.org>; Tue, 6 May 1997 22:23:28 -0700 (PDT)
Received: from localhost (dv@localhost)
          by xkis.kis.ru (8.8.5/8.8.5) with SMTP id JAA19497
          for <freebsd-bugs@freebsd.org>; Wed, 7 May 1997 09:23:01 +0400 (MSD)
Date: Wed, 7 May 1997 09:23:01 +0400 (MSD)
From: Dmitry Valdov <dv@kis.ru>
To: freebsd-bugs@freebsd.org
Subject: Re: A vulnerability in Lynx (all versions) (fwd)
Message-ID: <Pine.BSF.3.95q.970507092151.19439C-100000@xkis.kis.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi!

How about this feature in FreeBSD?

---------- Forwarded message ----------
Date: Tue, 6 May 1997 13:57:55 +0200
From: Luca Berra <bluca@comedia.it>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: A vulnerability in Lynx (all versions)

Actually, for those out there running linux, someone
(Andrew tridgell if i remember correctly)
wrote a kernel patch to completely disable symlinks in
tmp attacks.
basically it does not follow any symlinks (in directories
with the sticky bit set) if the owner of the link is different
than the owner of the target.

i think something like this should be implemented in
other OSes as well.

Regards
        Luca

--
Luca Berra -- bluca@comedia.it
        System and Network Manager - CoMedia s.r.l.
           PGP Public key available via finger