On 2 Oct 1999, Harald Meland wrote:
> As far as I can see, a simple symlink ~/root -> / will still allow
> users creating files anywhere they like (if they have write access).
In order to make the symlink, the user presumably has to have a shell
account, in which case what is the point in restricting the files the
MTA can create when the user can created them anywhere from a shell?
I think the people that use create_file are running systems where the
users do not have shell acounts, and so cannot set up symlinks.
> To fix this, one would have to grind the destination through
> realpath(3) (on systems that have such a thing) and compare the
> resulting fully resolved destination with whatever restrictions there
> are.
Nevertheless, I'll take a look at realpath() and arrange to use it on
those systems that have it.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.