Subject: Re: NetBSD Security Advisory 1999-008
To: Andrew Brown <atatat@atatdot.net>
From: Bill Studenmund <wrstuden@nas.nasa.gov>
List: current-users
Date: 04/15/1999 12:04:06
On Thu, 15 Apr 1999, Andrew Brown wrote:

> it "sounds" to me (rather admittedly in the dark about things like
> this) that like this is small *class* of problems that have only been
> touched on.
> 
> my aforementioned 1.3.2 machine would panic every single time i did
> it.  whether with the set given in the actual advisory or with the set
> i first heard about (ln -s . foo ; ln -s ./ foo (iirc)).

Right. Maybe it was unclear, but I didn't intend to say that the given
command sequence was the ONLY sequence, but an example sequence.

The problem command is a symlink like:

ln  -s   some_path/  asymlink-to-dir

The problem is triggered when the target is an existing symlink to a
directory, and there's a trailing slash on the end of the text to be
shoved in the link.

Depending on whether some_path starts with a "/" or not, you get different
problens. If no slash, you (should) get the panic, and with slash, you get
a node left locked which will never get unlocked.

Take care,

Bill