Subject: Re: lchflags(2)?
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 04/20/2000 13:51:34
> I think the idea here is now you can make it so even root can't
> change where a symbolic link points to if the link itself is
> immutable, i.e. a security feature.

Are immutable files non-removable, then?  Because as it stands,
*nobody* can *ever* change where a symlink points - all you can do is
remove it and create a new one.  (I've thought that the write bit on a
symlink should allow atomically replacing it with symlink(2), but as
the vnode interface stands that would have to be done in the individual
filesystems rather than in sys_symlink()....)

If immutable stuff is non-removable and non-renamable, that opens up
whole piles of DoS possibilities.  But if they *are* removable and/or
renamable, then there's a fairly real sense in which they're not


					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B