Subject: Re: symlink-to-dir-race-free unlink/rmdir
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
From: Greg Hudson <ghudson@MIT.EDU>
List: tech-security
Date: 03/07/1999 15:21:35

Previous conversations about the symlink race have included
suggestions for an inherited per-process flag to avoid symlinks.  I
like that approach better, since you can use all your familiar
command-line tools in a symlink-free environment, like:

	cd /var/tmp && nosymlinks sh -c 'find . -type f -print | xargs rm -f'

(No, you wouldn't want to run that actual find/xargs command for
various reasons, but that's irrelevant.)  Nobody suggested a
"nomountpoints," but that could be done too.  Or there could be one
command that does both.  Whatever.

Of course, doing it on a per-syscall-invocation level gives the
application more flexibility, but I don't know that the flexibility is
really needed.
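
The per-syscall alternative mentioned in the last paragraph, applied to the same "remove regular files under a directory" job, using the POSIX.1-2008 `openat`/`fstatat`/`unlinkat` calls, which postdate this thread. This is an added example, not code from the thread: `rm_files_nofollow` and `demo` are hypothetical names, the `st_dev` comparison stands in for the "nomountpoints" idea, and the sandbox under /tmp is constructed.

```c
/* Added example, not from the thread: per-call symlink refusal (POSIX.1-2008). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper: unlink every regular file below the directory open on
 * fd. Takes ownership of fd. Returns the number of files removed, or -1. */
long rm_files_nofollow(int fd)
{
    struct stat top, st;
    struct dirent *e;
    long removed = 0;
    DIR *d = fdopendir(fd);
    if (d == NULL) { close(fd); return -1; }
    if (fstat(dirfd(d), &top) != 0) { closedir(d); return -1; }
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        /* lstat semantics relative to the open directory: no path re-resolved */
        if (fstatat(dirfd(d), e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) continue;
        if (S_ISREG(st.st_mode)) {
            /* unlinkat never follows a symlink in the final component */
            if (unlinkat(dirfd(d), e->d_name, 0) == 0) removed++;
        } else if (S_ISDIR(st.st_mode) && st.st_dev == top.st_dev) {
            /* same filesystem only; O_NOFOLLOW fails if swapped for a symlink */
            int sub = openat(dirfd(d), e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            long n = sub < 0 ? 0 : rm_files_nofollow(sub);
            if (n > 0) removed += n;
        }
    }
    closedir(d);
    return removed;
}

/* Constructed sandbox; returns files removed, or -1 if victim/keep is gone. */
long demo(void)
{
    char t[] = "/tmp/nosymXXXXXX";
    if (mkdtemp(t) == NULL || chdir(t) != 0) return -1;
    mkdir("victim", 0700); mkdir("work", 0700); mkdir("work/sub", 0700);
    close(creat("victim/keep", 0600)); close(creat("work/a", 0600)); close(creat("work/sub/b", 0600));
    if (symlink("../victim", "work/link") != 0) return -1;
    long n = rm_files_nofollow(open("work", O_RDONLY | O_DIRECTORY | O_NOFOLLOW));
    return access("victim/keep", F_OK) == 0 ? n : -1;
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

Every lookup is relative to an already-open directory descriptor, so a name swapped for a symlink between the check and the use makes the call fail instead of redirecting it outside the tree.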