Subject: Re: NetBSD Security Advisory 1999-008
To: Andrew Brown <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 04/15/1999 12:04:06
On Thu, 15 Apr 1999, Andrew Brown wrote:
> it "sounds" to me (rather admittedly in the dark about things like
> this) that like this is small *class* of problems that have only been
> touched on.
> my aforementioned 1.3.2 machine would panic every single time i did
> it. whether with the set given in the actual advisory or with the set
> i first heard about (ln -s . foo ; ln -s ./ foo (iirc)).
Right. Maybe it was unclear, but I didn't intend to say that the given
command sequence was the ONLY sequence, but an example sequence.
The problem command is a symlink like:
ln -s some_path/ asymlink-to-dir
The problem is triggered when the target is an existing symlink to a
directory, and there's a trailing slash on the end of the text to be
shoved in the link.
Depending on whether some_path starts with a "/" or not, you get different
problens. If no slash, you (should) get the panic, and with slash, you get
a node left locked which will never get unlocked.