> In the last Unix-like file system implementation I worked on, we
> specifically prevented open(.., O_CREAT...) from following trailing
> symlinks (In fact, none of the system calls that create a file
> follow trailing links - mknod(), mkdir(), symlink(), bind() on
> AF_UNIX socket, etc.).
Right now, we don't follow links for O_CREAT|O_EXCL, although now
that O_NOFOLLOW is available, we could arguably allow this and just
force userspace to use it.
> They rather generate an EEXIST error if there exists a symbolic
> link with the passed name. With this approach, exploits of the type
> this thread has been discussing can't occur.
Initially I chose EACES but later changed it to ELOOP to be
consistent with FreeBSD if for no other reason (it is somewhat more
logical too). This is presently the state of 2.1.127.
-cw
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/