Subject: Re: PR 6009 (pkg_add fails if PREFIX is a symbolic link)
To: Hubert Feyrer <hubert.feyrer@rrzc1.rz.uni-regensburg.de>
From: Jim Bernard <jbernard@ox.mines.edu>
List: tech-pkg
Date: 08/24/1998 06:38:26
On 8 24, Hubert Feyrer wrote:
> 
> The problem described in PR 6009 occurs all over the pkg_* source, not 
> only in that single place. The suggested fix is correct, although I think 
> that there are more places that suffer with this lossage. The suggested 
> islinktodir() function seems a bit too restrictive regarding directory 
> permissions to me; a simple stat() instead of lstat() in the right(!) 
> places should be sufficient.

  Yes, it's surely sufficient, but doesn't address the security risk involved
in following possibly unsafe links.  Since the program will almost universally
be used by root (and, possibly, but rarely, by regular users installing into
their own personal package trees), I don't think the restrictions are too
onerous.

  It is surely true that there are other places in the package system where
similar problems occur, and I didn't address those.  This one is the most
bothersome, and with the islinktodir() function, it should be easier to
address those other places as they are found.  But, I don't think that a
blanket replacement of all calls to isdir() by islinktodir() (or a change
from lstat to stat in isdir()) is appropriate--most likely there are places
where it's really appropriate to check for an actual directory (though I
haven't tried very hard to prove that there are such cases).
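
The distinction debated in this message, as an added example that is not part of the original post and not the code from PR 6009: an lstat()-based directory test, a stat()-based one, and a restrictive link check. The name `islinktodir_sketch`, the `demo` helper, the temporary paths, and the ownership and permission policy are assumptions made for illustration; the page does not show what the real islinktodir() checks.

```c
#define _XOPEN_SOURCE 700   /* for lstat, symlink, mkdtemp */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* lstat()-based check: a symlink to a directory is NOT a directory here. */
static int isdir_lstat(const char *p) {
    struct stat sb;
    return lstat(p, &sb) == 0 && S_ISDIR(sb.st_mode);
}

/* stat()-based check: follows any link, whoever owns it or its target. */
static int isdir_stat(const char *p) {
    struct stat sb;
    return stat(p, &sb) == 0 && S_ISDIR(sb.st_mode);
}

/* Assumed policy (hypothetical): link and target owned by root or the
 * caller, and the target directory not writable by group or others. */
static int islinktodir_sketch(const char *p) {
    struct stat lsb, sb;
    uid_t me = geteuid();
    if (lstat(p, &lsb) != 0 || !S_ISLNK(lsb.st_mode)) return 0;
    if (lsb.st_uid != 0 && lsb.st_uid != me) return 0;
    if (stat(p, &sb) != 0 || !S_ISDIR(sb.st_mode)) return 0;
    if (sb.st_uid != 0 && sb.st_uid != me) return 0;
    return (sb.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Builds a constructed tree in a temp dir and returns a bitmask:
 * bit0 isdir_lstat(link), bit1 isdir_stat(link), bit2 sketch with a 0700
 * target, bit3 sketch after the target is made world-writable. -1 on error. */
int demo(void) {
    char base[] = "/tmp/pkgdemoXXXXXX", real[PATH_MAX], lnk[PATH_MAX];
    int r;
    if (!mkdtemp(base)) return -1;
    snprintf(real, sizeof real, "%s/real", base);
    snprintf(lnk, sizeof lnk, "%s/prefix", base);
    if (mkdir(real, 0700) != 0 || symlink(real, lnk) != 0) return -1;
    r = isdir_lstat(lnk) | (isdir_stat(lnk) << 1) | (islinktodir_sketch(lnk) << 2);
    if (chmod(real, 0777) != 0) return -1;
    r |= islinktodir_sketch(lnk) << 3;
    unlink(lnk); rmdir(real); rmdir(base);
    return r;
}

int main(void) { printf("%d\n", demo()); return 0; }
```

Only bits 1 and 2 are set in the result: the plain stat() test accepts the link unconditionally, while the restrictive check accepts it only until the target becomes writable by others.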