Subject: Re: /etc/security, mtree, and links to files and directories
To: Andrew Brown <atatat@atatdot.net>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 05/15/2002 13:32:34
[ On Wednesday, May 15, 2002 at 12:44:13 (-0400), Andrew Brown wrote: ]
> Subject: /etc/security, mtree, and links to files and directories
>

I've encountered very much the same problem with the likes of
/usr/pkg/info where I want it to be a symlink pointing to
/usr/pkg/share/info.

> can anyone think of any security risks associated with mtree always
> following all the symlinks?  or...not warning if it finds one where it
> expected a file or a directory?

Any file that's explicitly supposed to be a regular file should never be
a symlink.  Conversely any file that's supposed to be a symlink should
never be any other type of file.

I think what we need in 'mtree' is the ability to say that some object
may be either a file (of some specified type) or a symlink, and in the
latter case the optional ability to say where the symlink must point to.
In an ideal world the symlink value could be expressed as a form of
extended glob pattern (one that allows "/foo/*" to be differentiated
from "/foo/bar/*", though I don't yet have a good idea of what that
syntax might be), or perhaps as an ERE.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
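The check the reply above asks mtree to grow, written out as an added example (this is not part of the mail, not mtree's own syntax, and assumes only POSIX sh plus readlink(1), mktemp(1) and grep -E). An entry may be declared as a plain type, or as "that type or a symlink", and in the symlink case an anchored ERE constrains where the link may point, which is what lets `/usr/pkg/share/[^/]+` accept `/usr/pkg/share/info` while a pattern one level up rejects it. The sample tree it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: "either a given file type, or a symlink whose target matches
# an ERE" check, as proposed for mtree in the reply above. Not mtree code.
# Assumes POSIX sh, readlink(1), mktemp(1), grep -E.

# check_entry PATH TYPE [TARGET_ERE]
#   TYPE is one of: file, dir, link, file-or-link, dir-or-link
#   TARGET_ERE, if given, is an extended regex the symlink target must match
#   in full; it is only consulted when PATH really is a symlink.
# Returns 0 when PATH satisfies the spec, 1 (with a message on stderr) otherwise.
check_entry() {
    path=$1 want=$2 pat=${3:-}

    # Test -L first: -f and -d follow symlinks, which is exactly the blind
    # spot being discussed. A dangling link is still reported as "link".
    if [ -L "$path" ]; then
        actual=link
    elif [ -d "$path" ]; then
        actual=dir
    elif [ -f "$path" ]; then
        actual=file
    else
        actual=missing
    fi

    case "$want:$actual" in
        file:file|dir:dir|link:link) ;;
        file-or-link:file|file-or-link:link|dir-or-link:dir|dir-or-link:link) ;;
        *)
            printf '%s: expected %s, found %s\n' "$path" "$want" "$actual" >&2
            return 1 ;;
    esac

    # For symlinks with a target constraint, compare the literal link text
    # (not the resolved path) against the anchored ERE.
    if [ "$actual" = link ] && [ -n "$pat" ]; then
        target=$(readlink "$path")
        if ! printf '%s\n' "$target" | grep -Eq '^('"$pat"')$'; then
            printf '%s: symlink to %s does not match %s\n' "$path" "$target" "$pat" >&2
            return 1
        fi
    fi
    return 0
}

# Constructed sample tree: the /usr/pkg/info symlink from the mail, one
# ordinary config file, and one symlink sitting where a regular file belongs.
# Prints the temporary root directory.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/pkg/share/info" "$root/etc"
    ln -s /usr/pkg/share/info "$root/usr/pkg/info"
    : > "$root/etc/example.conf"
    ln -s /tmp/example.conf "$root/etc/example.link"
    printf '%s\n' "$root"
}

# Walk a tiny constructed spec (path, type, optional target ERE) over the tree.
demo() {
    set -f                      # keep the ERE from being glob-expanded
    root=$(build_sample_tree) || return 1
    for spec in 'usr/pkg/info dir-or-link /usr/pkg/share/[^/]+' \
                'etc/example.conf file' \
                'etc/example.link file'; do
        set -- $spec
        if check_entry "$root/$1" "$2" "${3:-}"; then
            printf 'ok: %s\n' "$1"
        fi
    done
    rm -rf "$root"
    set +f
}

demo
```

Run as-is and the first two entries pass while `etc/example.link` is reported as a symlink where a regular file was expected. Note that a plain shell glob would not do here: `*` in a `case` pattern matches `/` as well, so `/usr/pkg/share/*` cannot tell `/usr/pkg/share/info` from `/usr/pkg/share/x/y`, which is the distinction the mail wants and the reason the example uses an ERE instead.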