This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Re: O_NOFOLLOW


   Date: Sat, 24 Oct 1998 05:35:50 -0400
   From: Roland McGrath <roland@frob.com>

   > This was AFAIK implemented to guard against creating, e.g. forcing
   > root to create a file (core) that is symlinked to /etc/passwd.

   ? What's wrong with O_CREAT|O_EXCL?

The point is apparently for opening files which might legitimately
already exist, but which must not be symlinks; it's a reasonable
solution to a long-standing category of security weaknesses.  

We can implement it in the Hurd purely in the library; if it's set
then enable O_NOFOLLOW, followed by io_stat and then an error if we
got a symlink.

Thomas
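
An added example, not part of the original message or of glibc: it shows the case described above, where a file that may already exist is opened but a symlink at that name is refused. The helper name `open_nofollow`, the temporary paths and the demo are hypothetical, and it assumes Linux, where `open()` with `O_NOFOLLOW` fails with `ELOOP` on a symlink.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a file that may already exist, refusing a
   symlink in the final path component. Returns an fd, or -1 with errno set. */
int open_nofollow(const char *path, int flags, mode_t mode)
{
    struct stat st;
    int fd = open(path, flags | O_NOFOLLOW, mode);
    if (fd < 0)
        return -1;              /* Linux reports ELOOP for a symlink */
    /* Check the object actually opened, not the name, so nothing can be
       swapped in between the check and the use. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed demo in a fresh temp directory: a regular file, plus a
   symlink named "core" pointing at it. Returns 0 if the plain file opens
   and the symlink is refused with ELOOP. */
int demo(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", target[64], lnk[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/core", dir);
    int fd = open_nofollow(target, O_WRONLY | O_CREAT, 0600);
    int plain_ok = fd >= 0;
    if (fd >= 0) close(fd);
    int linked = symlink(target, lnk) == 0;
    fd = open_nofollow(lnk, O_WRONLY | O_CREAT, 0600);
    int refused = fd < 0 && errno == ELOOP;
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return (plain_ok && linked && refused) ? 0 : 1;
}

int main(void) { return demo(); }
```

`O_NOFOLLOW` only guards the final path component; symlinks in the directories leading to it are still followed.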


