From owner-cvs-all  Mon Apr  6 11:16:50 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA00470
          for cvs-all-outgoing; Mon, 6 Apr 1998 11:16:50 -0700 (PDT)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from lsd.relcom.eu.net (ache@lsd.relcom.eu.net [193.125.27.73])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA00292;
          Mon, 6 Apr 1998 11:16:31 -0700 (PDT)
          (envelope-from ache@lsd.relcom.eu.net)
Received: (from ache@localhost)
	by lsd.relcom.eu.net (8.8.8/8.8.8) id WAA07372;
	Mon, 6 Apr 1998 22:16:22 +0400 (MSD)
	(envelope-from ache)
Message-ID: <19980406221622.37671@nagual.pp.ru>
Date: Mon, 6 Apr 1998 22:16:22 +0400
From: =?koi8-r?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
To: Sean Eric Fagan <sef@kithrup.com>, peter@FreeBSD.ORG
Cc: committers@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/kern vfs_vnops.c src/sys/sys fcntl.h
Mail-Followup-To: Sean Eric Fagan <sef@kithrup.com>, peter@FreeBSD.ORG,
	committers@FreeBSD.ORG
References: <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.org> <199804061757.KAA14158@kithrup.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <199804061757.KAA14158@kithrup.com>; from sef@kithrup.com on Mon, Apr 06, 1998 at 10:57:11AM -0700
Organization: Biomechanoid
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

> In article <199804061738.KAA02766.kithrup.freebsd.cvs-all@freefall.freebsd.org> you write:
> >    sys/kern             vfs_vnops.c 
> >    sys/sys              fcntl.h 
> >  Log:
> >  Implement a new open(2) flag: O_NOFOLLOW.  This will instruct open
> >  to not follow symlinks, but to open a handle on the link itself(!).
> >  As strange as this might sound, it has several useful applications
> >  safe race-free ways of opening files in hostile areas (eg: /tmp, a mode
> >  1777 /var/mail, etc).  It also would allow things like fchown() to work
> >  on the link rather than having to implement a new syscall specifically for
> >  that task.


If we talk about /tmp links security problem, this change require
modification of each application, which isn't sounds well. Better hack
will be to treat 't' bit of directory as 'not follow symlink' instruction
in the kernel. It autoumatically fix all known /tmp races without
applications modification.

-- 
Andrey A. Chernov
http://www.nagual.pp.ru/~ache/
MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message