Subject: Re: coredump following symlinks
To: Robert Elz <kre@munnari.OZ.AU>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 08/27/1999 13:41:46
On Fri, Aug 27, 1999 at 09:00:38PM +1000, Robert Elz wrote:
> From following symlinks (if the core file name is a symlink), that's
> reasonable - from overwriting existing files, that's not, nor is it
> really necessary.
> In particular, if you're using short core names ("core") it isn't really
> reasonable to not have a process leave a core dump, just because some other
> did, some time in the past, which hasn't been deleted.
The problem is similar: you lose a core dump in both cases.
The question is just: do we want to keep the first core dump or the last one?
I've been in situations where the first one would have been more useful.
> I think that all the security problems can be avoided if you just never
> write onto a file name which is a symlink, and never write on a file which
> has more than one link. Neither of those is likely to bother any normal
> use of core files, so would be reasonable restrictions. Requiring
> "rm core" before running any command, just in case that command would
> have liked to dump core, isn't reasonable.
It's easy to add this check (just call vn_stat after namei).
I'll cook up an updated patch in the next hours.
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr