Hi!
On Apr 29, sean finney wrote:
> hi guys,
>
> On Sat, Apr 30, 2005 at 12:26:42AM +0200, Christian Hammers wrote:
> > + O_RDWR | O_EXCL | O_NOFOLLOW,MYF(MY_WME))) < 0)
> ^^^ i think that's where the problem is.
>
> is there any real risk in taking out the O_EXCL?
>
> the O_NOFOLLOW should protect against any symlink attacks, so
> i'm not sure why O_EXCL was also introduced.
No convincing reason.
I felt like O_NOFOLLOW is not as universally portable as O_EXCL.
That's why we also have in my_global.h (?):
#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0
#endif
But as it's your custom patch, and it's only for Debian - where you can
know for sure that O_NOFOLLOW exists - you can safely drop O_EXCL.
But then I'd suggest to remove this #ifdef above. To be on the safe
side :)
Regards,
Sergei
--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Senior Software Developer
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/ www.mysql.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
