Date: Sun, 17 Jun 2001 18:00:06 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Jordan Hubbard <jkh@osd.bsdi.com>, bde@zeta.org.au, imp@harmony.village.org, steveo@eircom.net, david@catwhisker.org, current@FreeBSD.ORG Subject: Re: symlink(2) [Was: Re: tcsh.cat] Message-ID: <200106180100.f5I106A09487@earth.backplane.com> References: <200106170518.f5H5I6V44586@harmony.village.org> <Pine.BSF.4.21.0106172154520.582-100000@besplex.bde.org> <20010617113141A.jkh@osd.bsdi.com> <20010617231418.A60728@nagual.pp.ru> <200106172128.f5HLSe108208@earth.backplane.com> <20010618015913.A45621@nagual.pp.ru> <200106172204.f5HM46608526@earth.backplane.com> <20010618021122.A45861@nagual.pp.ru> <200106180026.f5I0QGR09184@earth.backplane.com> <20010618044330.B54578@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
:There is nothing to fix. Sometimes 'make install' instead 'make :installworld' typed can produce this. Of course, install procedure can be :complicated to make it foolprof, but I think the system must be fixed :instead to not resolve illegal names. It is not good idea to :produce workarounds of illegal names out of the system. : :-- :Andrey A. Chernov Ok, I took a look at Bruce's original example, which is: ln -s "" X If you were to then do something like "ls -la X/." you would get the root directory, and "ls -la X/" tries to list the current directory, and "cp -r X Y" tries to recursively copy the current directory, and fails. I think we can safely disallow path lookups going through empty symlinks (i.e. at the time of the open(), lstat(), etc...), but we should not go changing the "ln" command or the symlink() system call. In regards to Bruce's second example: $ rm -f foo $ ln -s /nonesuch foo $ cp foo bar Well, ok, if what the symlink points to does not exist 'cp' goes and copies the symlink instead. This seems harmless to me. I still don't see how any of this is a security issue, though. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106180100.f5I106A09487>