So perhaps we should implement a "nosymlinks" mount option which would
   disable symlinks on a file system.  (Or perhaps, only the creation of
   new symlinks.)  That would seem like a useful option on /tmp and
   /var/mail to me.

i laughted out loud when i read this.  a few months back, when
the "find | xargs" problem was first generally known, i added
a ROOT_ONLY_SYMLINK option to my kernel -- only the superuser
was allowed to create symbolic links.

this perhaps is a better idea, but i think that root should
be allowed to do it regardless of this option.