This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: O_NOFOLLOW
- To: roland@frob.com
- Subject: Re: O_NOFOLLOW
- From: tb@mit.edu (Thomas Bushnell, BSG)
- Date: Sat, 24 Oct 1998 18:47:53 -0400 (EDT)
- Cc: aj@arthur.rhein-neckar.de, libc-hacker@gnu.org
Date: Sat, 24 Oct 1998 05:35:50 -0400
From: Roland McGrath <roland@frob.com>
> This was AFAIK implemented to guard against creating, e.g. forcing
> root to create a file (core) that is symlinked to /etc/passwd.
? What's wrong with O_CREAT|O_EXCL?
The point is apparently for opening files which might legitimately
already exist, but which must not be symlinks; it's a reasonable
solution to a long-standing category of security weaknesses.
We can implement it in the Hurd purely in the library; if it's set
then enable O_NOFOLLOW, followed by io_stat and then an error if we
got a symlink.
Thomas