Subject: Re: coredump following symlinks
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-kern
Date: 08/27/1999 17:56:21

On Fri, Aug 27, 1999 at 11:03:43AM -0400, Bill Sommerfeld wrote:
> > Is this possible ?
> 
> If not now, it's likely to be in the future.

Agreed.

> 
> > Do you have an idea on how to solve this ? I'm not really familiar with
> > VFS ...
> 
> It's not specific to VFS; it's a classic security gotcha with any kind
> of kernel where you check one thing and then operate on another..

Actually it's more like we operate on the same thing, but we release the lock
between the 2 operations. I don't know how to fix this without rewriting
parts of vn_open() in kern_sig() (or adding a function like vn_open()
but which takes a struct nameidata on which namei() has already been run).

> 
> Just don't allow coredumps through symlinks, since it's of dubious
> value now that corefiles are named "progname.core" anyway.

This one is easier, it can be done in vn_open(). I've just stolen what
OpenBSD did :)

> 
> Over on tech-security I just proposed a "coredump filename format"
> process attribute which would give the folks creating ~/core symlinks
> what they really want, which is a way to control where the coredumps
> land.

Who will implement it? :)

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
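
Added example, not part of the original message and not NetBSD or OpenBSD kernel code: a userland C analogue of the two points in this thread, the check-then-open race and refusing a symlink in the open itself. The function names and the temporary paths are hypothetical, and a POSIX system with O_NOFOLLOW is assumed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: lstat() and open() resolve the name separately, so the path can be
 * swapped for a symlink between the check and the use. */
int open_core_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == 0 && S_ISLNK(st.st_mode)) return -1;
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600); /* follows links */
}
/* Hardened: the open() that yields the descriptor refuses a symlink in the
 * final component; every later check uses the descriptor, not the name. */
int open_core_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: prog.core is a symlink to a 6-byte file. Returns 1 if
 * the symlink is refused, the target is intact, and a plain file still opens. */
int demo(void)
{
    char dir[] = "/tmp/coredemoXXXXXX", a[64], b[64], c[64];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(a, sizeof a, "%s/victim", dir);
    snprintf(b, sizeof b, "%s/prog.core", dir);
    snprintf(c, sizeof c, "%s/prog2.core", dir);
    int fd = open(a, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6 || close(fd) || symlink(a, b)) return 0;
    int refused = open_core_nofollow(b) < 0;
    int kept = stat(a, &st) == 0 && st.st_size == 6;
    if ((fd = open_core_nofollow(c)) >= 0) close(fd);
    unlink(a); unlink(b); unlink(c); rmdir(dir);
    return refused && kept && fd >= 0;
}
int main(void) { return demo() ? 0 : 1; }
```

O_NOFOLLOW covers only the final path component; symlinks in intermediate directories are still followed.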