On Wed, 18 Aug 1999, Matthew Dillon wrote:
> :For the general case (eg the code checked into the system), the check
> :needs to remain enabled. Anything else is insecure.
> :
> :Warner
Oh, absolutely. However, one of the reasons people use an operating system
they have source to is to make it work for them.
>
> I have to agree... whenever one starts discussing weird, esoteric
> workarounds one inevitably introduces security holes. I really think
> just disabling the -s option may be the best solution.
It is apparent that I was unclear. What I meant was use the fstat test for
local files. For NFS mounted files, don't use the test, since it doesn't
work, and don't allow the -s option. (Better would be to accept, and
ignore the -s, perhaps producing a warning?)
David Scheidt