|
| From: | John Ogness |
| Subject: | [Dazuko-devel] soft links (bad news) |
| Date: | Tue, 04 Feb 2003 12:19:36 +0100 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130 |
Hi,As pointed out in the forum, Dazuko does not pick up soft links. This is dangerous because it means that files are going unnoticed simply because they TRULY sit in another, unwatched directory. How can we get around this?
The problem is that the system sys_open call receives a string giving the original path of the file and not the "accessed path". The flag and mode parameters also don't give any hint that you are actually accessing a link.
It is clear why this is happening, but for the purposes of Dazuko, this is a major loophole.
Administrators that are using Dazuko for security-based systems are OK as long as they do not allow soft links (for example with HTTP, FTP, Samba, Netatalk). Enabling soft links is dangerous, anyway.
Hopefully we can find an efficient solution to this. John Ogness -- Dazuko Maintainer
| [Prev in Thread] | Current Thread | [Next in Thread] |