Don Cragun writes: > >From: James Carlson <james.d.carlson at sun.com> > >Thus, while I see that your flag is indeed an improvement over the > >current code (it makes the existing test much cleaner), and I'm not > >opposed to it on those grounds, I just think it could be better. The > >only question I have is whether AT_TRIGGER is too hard to implement. > >I can't answer that question, because I don't know this code well. > >I'd like to know from you (or from any expert on the code in question) > >whether this is a reasonable possibility. > > I'm still strongly opposed. If the path presented to the first > *stat*() function is a symlink pointing to an autofs/nfs directory, the > symlink can be changed between the *stat*() call and the opendir() call > and this spoofing action cannot be reliably detected by the > application. With AT_TRIGGER, this spoofing action can be caught every > time it happens.
Yes. However, that's actually the same state we are in right now (with no fix at all), and the state we've been in since February 2005 when CR 6198351 integrated and added the autofs-testing logic. It's a hole that ought to be fixed, but it's a little less clear to me that it's this project team's responsibility to do so. I'm not disagreeing with you. I think you've got an entirely valid position here. I'm just pointing out that these are perhaps separable issues. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
