Re: security warning

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 16 Dec 1997 22:41:43 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeffrey Hundstad: "Re: security warning"
Previous message: Linus Torvalds: "Re: security warning"
Next in thread: Kevin Buhr: "PATCH against 2.1.72: better symlinks for a better future (was Re: security warning)"
Reply: Kevin Buhr: "PATCH against 2.1.72: better symlinks for a better future (was Re: security warning)"

> No, 2.0.x also followed symlinks for create(), I'm fairly certain. It used
> to be pretty painful to do, actually, but others did it, and I think
> people even pointed to programs that wanted it done.

2.0 does not follow the symlink for the last node of creat, and its
vital it doesnt.

ln -s /tmp/nosuchfile foofile
./a.out

2.0 -EEXIST
2.1 creates it

touch /tmp/nosuchfile

./a.out

2.0 -EEXIST
2.1 creates it

Test code

#include <stdio.h>
#include <fcntl.h>

int main(int argc,char *argv[])
{
if(open("foofile", O_EXCL|O_CREAT|O_TRUNC, 0600)==-1)
perror("foofile");
return 0;
}

Alan

Next message: Jeffrey Hundstad: "Re: security warning"
Previous message: Linus Torvalds: "Re: security warning"
Next in thread: Kevin Buhr: "PATCH against 2.1.72: better symlinks for a better future (was Re: security warning)"
Reply: Kevin Buhr: "PATCH against 2.1.72: better symlinks for a better future (was Re: security warning)"