Return to BSD News archive
Newsgroups: comp.os.386bsd.development Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!usc!cs.utexas.edu!uunet!emba-news.uvm.edu!sadye.emba.uvm.edu!wollman From: wollman@sadye.emba.uvm.edu (Garrett Wollman) Subject: Re: A challenge to all true kernel hackers - conditional symlinks. Message-ID: <1993Mar11.165640.21096@uvm.edu> Sender: news@uvm.edu Organization: University of Vermont, EMBA Computer Facility References: <JKH.93Mar9214944@whisker.lotus.ie> <CGD.93Mar9185827@eden.CS.Berkeley.EDU> <1993Mar11.001929.5652@fcom.cc.utah.edu> Date: Thu, 11 Mar 1993 16:56:40 GMT Lines: 34 In article <1993Mar11.001929.5652@fcom.cc.utah.edu> terry@cs.weber.edu (A Wizard of Earth C) writes: > This is a simple mod of /sys/kern/vfs_lookup.c, but it introduces >a number of *bad* security holes (look at the CERT advisories on NeXT >machines if you don't believe me). This is indeed a problem. However, IBM has provided some similar functionality (with a radically different implementation) in their system, and NeXT did get one thing right. The thing that NeXT got right (and they got it from CMU; it's a standard part of AFS) is `@sys' and brethren. These are interpreted on a system-wide basis, set up as a part of conifguration, and interpreted only during symlink expansion. For the work that I'm doing, it would be *really* nice to be able to doing things with `/386bsd' and know that it is *guaranteed* to point to whatever the current running kernel is, regardless of what it was called when loaded. The thing that IBM got right is that it is possible to mount practically anything over practically anything else of the same type. This means that, for example, it is possible to mount one *file* over another, obscuring the old file in the process. The IBMs also seem to be a lot less touchy about multiple mounts/exports pointing towards the same physical file system; e.g., it is legal to mount `/usr/share/lib/terminfo' from another system which exports `/usr/share' to most users. This is a somewhat useful feature. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@emba.uvm.edu | Shashish is the bonding of hearts in spite of distance. uvm-gen!wollman | It is a bond more powerful than absence. We like people UVM disagrees. | who like Shashish. - Claude McKenzie + Florent Vollant