truss says it does not use O_NOFOLLOW.

Olga

2010/3/12 James Carlson <carlsonj at workingcode.com>:
> Olga Kryzhanovska wrote:
>> 2010/3/12 Christine Tran <christine.tran at gmail.com>:
>>> 2010/3/12 Olga Kryzhanovska <olga.kryzhanovska at gmail.com>:
>>>> This one, right?
>>>>       -i[SUFFIX], --in-place[=SUFFIX]
>>>>              edit files in place (makes backup if extension supplied)
>>>>
>>>> -i copies the content to a temporary backup file, truncates the
>>>> original (keeping permissions, ACL flags etc) and starts processing
>>>> from backup to original file, right?
>>>>
>>>>
>>>> Which purpose has this option (I can't look at the GPL code without
>>>> getting tainted by the GPL):
>>>> --follow-symlinks
>>>>              follow symlinks when processing in place
>>> Yes, that's the one.
>>
>> I understand now how -i works but I am puzzled about --follow-symlinks
>> - why is it required?
>
> I would expect that it uses O_NOFOLLOW by default, and --follow-symlinks
> is there to allow the user to disable that feature if he's really sure
> he wants to do that.
>
> If you were running the program as a privileged user you might want to
> have this flag enabled by default so that if someone sneaks in a symlink
> to /etc/passwd in place of one of the files you thought you were
> processing, you don't accidentally do something you'll regret later.
>
> --
> James Carlson         42.703N 71.076W         <carlsonj at workingcode.com>
>



-- 
      ,   _                                    _   ,
     { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
.----'-/`-/     olga.kryzhanovska at gmail.com   \-`\-'----.
 `'-..-| /     Solaris/BSD//C/C++ programmer   \ |-..-'`
      /\/\                                     /\/\
      `--`                                      `--`
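
The O_NOFOLLOW behaviour discussed in this thread, shown at the system-call level as an added example (not code from sed or from any poster). The function names `open_for_inplace` and `demo_symlink_refused` and the temporary paths are hypothetical and constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` for in-place rewriting. Unless follow_symlinks is set, a symlink
 * as the FINAL path component is refused (POSIX: open() fails with ELOOP).
 * O_NOFOLLOW does not protect earlier components of the path. */
int open_for_inplace(const char *path, int follow_symlinks)
{
    struct stat st;
    int fd = open(path, O_RDWR | (follow_symlinks ? 0 : O_NOFOLLOW));
    if (fd < 0) return -1;                      /* errno set by open() */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd); errno = EINVAL; return -1;   /* only edit regular files */
    }
    return fd;
}

/* Constructed demo: data.txt is a symlink to "target" in a fresh temp dir.
 * Returns errno from the no-follow open; *followed = 1 if following works. */
int demo_symlink_refused(int *followed)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", target[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/data.txt", dir);
    int fd = open(target, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || symlink(target, lnk) != 0) return -1;
    close(fd);
    fd = open_for_inplace(lnk, 0);              /* default: do not follow */
    int err = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    fd = open_for_inplace(lnk, 1);              /* explicit opt-in to follow */
    *followed = (fd >= 0);
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return err;
}

int main(void)
{
    int followed = 0, err = demo_symlink_refused(&followed);
    printf("no-follow: %s; follow: %s\n", err ? strerror(err) : "opened",
           followed ? "opened" : "refused");
    return 0;
}
```

Some BSDs report a different errno than ELOOP for this case, so portable callers should treat any failure of the no-follow open as a refusal.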
