On Mon, 24 Aug 1998, Jim Bernard wrote:
>   Yes, it's surely sufficient, but doesn't address the security risk involved
> in following possibly unsafe links.  Since the program will almost universally
> be used by root (and, possibly, but rarely, by regular users installing into
> their own personal package trees), I don't think the restrictions are too
> onerous.

Well, in directories that are writable by users, i see this problem. But
as /usr isn't writeable, I don't think this makes too much sense.


>   It is surely true that there are other places in the package system where
> similar problems occur, and I didn't address those.  This one is the most
> bothersome, and with the islinktodir() function, it should be easier to
> address those other places as they are found.  But, I don't think that a
> blanket replacement of all calls to isdir() by islinktodir() (or a change
> from lstat to stat in isdir()) is appropriate--most likely there are places
> where it's really appropriate to check for an actual directory (though I
> haven't tried very hard to prove that there are such cases).

At least for the lstat->stat change, this is a big no-no, as this will
lead to no symlinks any more in binary pkgs. We've been through all this
before, and to completely fix things, one needs to read all the source and
decide for each individual call.


 - Hubert

-- 
Hubert Feyrer <hubert.feyrer@rz.uni-regensburg.de>