From owner-freebsd-security  Thu Jan  9 21:13:29 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id VAA17711
          for security-outgoing; Thu, 9 Jan 1997 21:13:29 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id VAA17687
          for <freebsd-security@freebsd.org>; Thu, 9 Jan 1997 21:13:18 -0800 (PST)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 0.56 #1)
	id E0viZGn-0006Qz-00; Thu, 9 Jan 1997 22:12:45 -0700
To: m-braithwaite@sjca.edu
Subject: Re: Obvious fix for tempfile race conditions? 
Cc: freebsd-security@freebsd.org
In-reply-to: Your message of "Tue, 07 Jan 1997 22:31:17 EST."
		<199701080331.WAA02781@continuity.sjca.edu> 
References: <199701080331.WAA02781@continuity.sjca.edu>  
Date: Thu, 09 Jan 1997 22:12:44 -0700
From: Warner Losh <imp@village.org>
Message-Id: <E0viZGn-0006Qz-00@rover.village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <199701080331.WAA02781@continuity.sjca.edu> Matt Braithwaite writes:
: If I've got that much of it right, why not simply add a mount option
: to disable symlinks on a given filesystem?

Because it isn't needed?  It is possible to safely remove file in /tmp
or other hostile grounds by using fchdir and comparing before and
after inode# and device# using stat and fstat.  Check out the netbsd
current list for a "saferm" that was posted there.

Warner