In message <[EMAIL PROTECTED]> David Malone writes:
: > File was removed because it was a huge, gaping security hole. It was
: > effectively hard link to the file in question and circumvented some of
: > the usual security protections that the file would otherwise be
: > protected by.
:
: I know - AFAIK I was the one who reported it ;-)
So many bugs. It is hard to put a face on them at times :-)
: > : Linux itself is not subject to this problem because it's exe file
: > : is a synthetic symlink pointing to the executable, not something
: > : which returns the executables actual vnode.
: >
: > And that's why it is still in the tree. A symbolic link doesn't have
: > the security issues that the hard link has.
:
: I think I wasn't clear. The real Linux code doesn't have this problem,
: but the code in /usr/src/sys/miscfs/linprocfs, which was committed to
: 4.0 and 5.0 two days ago does.
Ah. That's a good point.
: Given that libc is using it for something, it is probably important
: to provide a working one in linprocfs, preferably without the
: security hole!
Agreed. I'm happy with just making it a symlink.
Warner
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
