>>POSIX requires this, but it is arguably a misfeature, due to the >>security issues mentioned. > > I still don't understand how this is a security issue any more than the > whole concept of symbolic links is a security issue.
Yes, that's the problem basically. If you're about to say "touch /tmp/foo" an attacker can do "ln -s /victim/.newsrc /tmp/foo". > I'll wait for a newer coreutils release, and instead of using 'mkdir -p' > as the standard way of trying hard to make a directory, use instead > 'mkdir -p `readlink -f`'. Given what you said that you wanted, you might prefer -m instead. And you might want to quote things (to protect against link expansions with shell metacharacters), and protect against file names or link expansions with leading "-". Something like this, perhaps: mkdir -p -- "$(readlink -m -- "$file")" _______________________________________________ Bug-coreutils mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-coreutils
