Subject: Re: CRITICAL ** Holes in default cron jobs ** CRITICAL
To: None <tech-kern@NetBSD.ORG>
From: Matt Thomas <>
List: tech-kern
Date: 01/02/1997 13:22:12
I've been thinking about this for a while.  I think a possible solution
could be a flag similar to nosuid.

In essence, this flag would force a small change to the semantics of
following symlinks.  Symlinks would be followed iff they are owned by
root or what they point to has the same owner as the symlink.

I think this would seal up the security holes with symlinks without totally
disabling them.

Matt Thomas               Internet:
3am Software Foundry      WWW URL:
Westford, MA              Disclaimer: I disavow all knowledge of this message
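
The rule proposed in the message above, modelled in userland as an added example (not part of the original post and not NetBSD code). The names `follow_allowed` and `check_path` are hypothetical, and comparing against the final target returned by `stat()` is an assumption, since the message does not say how chains of links would be handled.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* The rule from the message: follow iff the link is owned by root,
 * or the link and what it points to have the same owner. */
int follow_allowed(uid_t link_uid, uid_t target_uid)
{
    return link_uid == 0 || link_uid == target_uid;
}

/* Returns 1 = would be followed, 0 = refused, -1 = cannot stat.
 * Paths that are not symlinks are unaffected by the rule.
 * A userland check like this is racy (the link can change between
 * the check and the open); the proposal places the test inside the
 * kernel's lookup, where it is applied as the link is traversed. */
int check_path(const char *path)
{
    struct stat lnk, tgt;

    if (lstat(path, &lnk) != 0)
        return -1;
    if (!S_ISLNK(lnk.st_mode))
        return 1;
    if (lnk.st_uid == 0)          /* root-owned link: always followed */
        return 1;
    if (stat(path, &tgt) != 0)    /* dangling link or unreachable target */
        return -1;
    return follow_allowed(lnk.st_uid, tgt.st_uid);
}

int main(int argc, char **argv)
{
    /* Usage: ./a.out PATH...  prints the verdict for each path. */
    for (int i = 1; i < argc; i++) {
        int r = check_path(argv[i]);
        printf("%-40s %s\n", argv[i],
               r == 1 ? "follow" : r == 0 ? "refuse" : "error");
    }
    return 0;
}
```

Under this rule, a link that an unprivileged user plants in a world-writable directory and points at a root-owned file is refused, because the link's owner and the target's owner differ.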