Rich Brown wrote:
>
> The team just met with Don Cragun to discuss the concerns. We've all
> agreed on how to proceed. Notes coming out shortly and I'll summarize
> on the alias.
>
> Rich
- Don and the team agreed to the following:
* The case would continue, but the commitment level would be changed
to "Consolidation Private" since the only known use of this is for
the find/nftw(3c) problem. This would also eliminate the proposed
change to the stat(2) man page.
* Rich will submit a CR describing the existing security holes. Don,
Jim Carlson, and the team will be on the Interest List.
(I'm currently investigating what security holes still exist and
will submit the CR with my findings.)
* If the team find an additional use for S_IFTRIGGER, then the team
will submit a fast-track to upgrade the commitment level.
* When the security issues are fixed (either by Jim Carlson's fstatat()
suggestion or some other solution), then obsolete/remove the S_IFTRIGGER
bit (assuming the team hasn't upgraded the commitment level).
