Symbolic Links VS. Security
Henry Spencer
henry at utzoo.UUCP
Sat Nov 17 04:01:36 AEST 1984
> There was plenty of thought about those issues that were issues.
You mean, about those issues that people thought were issues. I've seen
no evidence that anyone realized that symbolic links are a significant
change to the semantics of the pathname->file mapping. It is hard to
imagine anything more central to UNIX. Yet symbolic links appear to
have been treated as a trivial extra. I stand by my original statement:
the implications of symbolic links were not fully understood. They still
aren't. By anyone.
> Security, though, was not a major issue - when you get a 4.2
> system, you get the system that Berkeley prepared for ARPA.
> There were certain goals, tight security was (to the best of
> my knowledge) never one of them. If you don't like that,
> then run something else.
If ARPA said anything explicit about it at all, I would suspect that
"security no worse than 4.1BSD" would have been mentioned. It is
one thing to say that tight security was not an issue; it is another
to weaken security seriously without telling anyone, and (apparently)
without even realizing it was happening.
> ps: Henry - How do you manage to find a job where you get time
> to post all that news ?? :-)
A religious policy of unsubscribing to non-technical newsgroups frees
up a remarkable amount of time... :-)
--
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,linus,decvax}!utzoo!henry
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list