Safer path lookup
Posted May 26, 2011 13:41 UTC (Thu) by epa
In reply to: Safer path lookup
Parent article: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
That would annoy a lot of system adminstrators, who have long used symlinks to bind things into place when disk space runs low.
Apache has an explicit FollowSymlinks flag which can be turned on or off as the sysadmin desires. That's probably the best way to do things. And if the default configuration has this flag turned off, that's also the right choice, on the principle that you can turn it on if you know what you're doing.
Support in the kernel for a no-symlinks flag might let Apache and other userspace programs do their path lookups more efficiently (and with less code, if you're willing to run on Linux only).
to post comments)