LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Safer path lookup

Safer path lookup

Posted May 26, 2011 13:41 UTC (Thu) by epa (subscriber, #39769)
In reply to: Safer path lookup by nix
Parent article: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering

That would annoy a lot of system adminstrators, who have long used symlinks to bind things into place when disk space runs low.
Apache has an explicit FollowSymlinks flag which can be turned on or off as the sysadmin desires. That's probably the best way to do things. And if the default configuration has this flag turned off, that's also the right choice, on the principle that you can turn it on if you know what you're doing.

Support in the kernel for a no-symlinks flag might let Apache and other userspace programs do their path lookups more efficiently (and with less code, if you're willing to run on Linux only).

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds