> For example, consider the classic symlink attack. > We're not supposed to follow symlinks and our system lacks support > for open's O_NOFOLLOW flag. So we lstat the target directory, > determine that it is indeed a directory, then open it. But between > the lstat and the open, someone moved it aside and replaced it with > a symlink to another directory. The only way to detect that is to > compare dev/inode pairs before and after.
OK, but for systems which do have O_NOFOLLOW, this isn't necessary and less efficient than just using O_NOFOLLOW. So can't this test be made conditional for systems lacking O_NOFOLLOW? Miklos
