One problem is it follows it for a lot more than it used to. Following symlinks
on creation is bad. It causes a lot of "symlink traps". 2.0 stamps on the
symlink and tough the hacker loses. Its an issue because stuff like sendmail
checks for the problem and builds appropriately. That means standard sendmail
builds configured on 2.0 and run on 2.1 have exploitable holes for example.
There is a definite security wisdom that following a symlink as the last
component of a creation operation is bad. That is
if /foo is a symlink
mkdir /foo/bar is fine
mkdir /foo or open("/foo", O_CREAT) should error or remove it
I'll have a look at the stuff if its supposed to be easy to fix 8)
Alan