Semantics of symlinks and distributed FS
ekrell at ulysses.UUCP
ekrell at ulysses.UUCP
Mon Feb 9 01:14:59 AEST 1987
In article <6625 at alice.uUCp> dmr at alice.UUCP writes:
>The reason for doing this is that the links are always used to
>simplify naming on the machine on which they exist; for example,
>on one of them, /usr is full of links to the actual locations
>of people's home directories (/usr/dmr -> /usr1/dmr).
The problem I have with this is that when a machine running RFS advertises
a subtree of a file system, its intention is not to advertise its entire
file systems, only a subset. I now can create a symbolic link in /tmp
(or any other directory writable by me) on the server pointing to
"/" and all of a sudden I gain access to the server's entire file system,
breaking the intended security restriction.
Either way you lose, it seems to me. There is no simple answer.
--
Eduardo Krell AT&T Bell Laboratories, Murray Hill
{ihnp4,seismo,ucbvax}!ulysses!ekrell
More information about the Comp.unix.wizards
mailing list