First, my $0.02 regarding the idea, and what I would like to see, and
I will welcome any CONSTRUCTIVE criticism of these comments, and
especially from Linus...
1. The permissions applicable to a SymLink are those applicable to
the file or directory it points to, as modified by any adverse
permissions in the path to that directory, so if the user in
question does not have access to the file or directory by any
other means, they also do not have access to it through any
SymLinks, variable or otherwise - or am I missing something?
If this is the case, then variable SymLinks can have little (if
any) security implications for users other than root, since the
root user implicitly has full access to every file.
2. I would love to be able to set up some symlinks of the form...
WorkDir -> ~/.Application/WorkDir
...for applications which are better centrally installed, but
insist on placing working directories directly under where they
are installed - or better still, I'd like to persuade all of the
programmers who currently program suchlike behaviour to take the
more sensible approach of placing working directories in a fixed
or variable subdirectory under the user's home directory!!! At the
moment, the only options are a fixed SymLink to /tmp/.Application
(which is an instant security hole), or allowing all users access
to the relevant working directory !!!
Such a SymLink (one whose target begins with the ~/ sequence) can
have NO security implications since it ALWAYS points to the home
directory of the user running the program, and likewise, it can't
really break anything since such a name placed on the command line
is implicitly expanded with the same meaning anyway...
3. Personally, I can't see any need for any other form of variable
SymLinks than that addressed in (2) above, but would certainly be
interested in seeing justification for them. All of the proposals
I have seen so far could be dealt with using the VarLink mentioned
in (2) above, together with normal SymLinks in the directory so
referenced by each user.
Now, a question of my own...
>> That, unfortunately, is really unacceptable.
> Unacceptable to whom? Why? Will we break all of the symlinks to
> files that are named ${xxx}??? Not unless such an env variable
> exists. Anyway, how many files do you have named like that?
On my system, I only ever have one file with a name containing ${ and
it doesn't have the trailing } on it - and the only reason I have that
is an application I need to run that creates the file /tmp/}${ whilst
it is running. However, if any of the various "variable symlink"
systems did ever get in the kernel, how would it affect such a file?
Best wishes from Riley.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu