On 09/20/2017 07:32 AM, Pádraig Brady wrote:
> I'd be more inclined
> to have another kernel value for /proc/sys/fs/protected_symlinks
> that also provided the protection to non sticky dirs?

I'm also worried about compatibility here: the user will be confused why cp, mv etc. from coreutils are not 'just working' anymore ... he will try -f first, and then simply use something else (rsync, whatever). So the flag on kernel level seems the right place to me to prevent this issue.

Have a nice day,
Berny