Paul Eggert wrote:
There could be some kind of -f, --follow option so that mkdir will
create the directory pointed to.
There is a potential security problem there, if the symbolic link
is in a directory writable by an attacker.
I don't agree that this is a security problem, since mkdir is doing
POSIX requires this, but it is arguably a misfeature, due to the
security issues mentioned.
I still don't understand how this is a security issue any more than the
whole concept of symbolic links is a security issue.
Yes, that's the problem basically. If you're about to say touch /tmp/foo
an
Avis, Ed [EMAIL PROTECTED] writes:
There could be some kind of -f, --follow option so that mkdir will
create the directory pointed to.
There is a potential security problem there, if the symbolic link
is in a directory writable by an attacker.
You'd probably use it together with -p. Then
Eric Blake wrote:
There could be some kind of -f, --follow option so that mkdir will
create the directory pointed to. You'd probably use it together with
-p.
This sounds somewhat similar to cp -f, --force. cp uses
slightly different semantics, required by POSIX (rather than
try to create the
I note that 'touch foo' when foo is a broken symlink will create the
link destination if possible (though without making any directories,
obviously).
POSIX requires this, but it is arguably a misfeature, due to the
security issues mentioned. Perhaps we should add an option to touch
to
ln -s nonexistent foo
There could be some kind of -f, --follow option so that mkdir will
create the directory pointed to. You'd probably use it together with
-p. Then 'mkdir -fp' would be a way to try everything sensible to make
sure the destination exists and can be used as a directory