Thoughts on Multi-Symlink Concept
Robert Watson
rwatson at FreeBSD.org
Mon Feb 24 18:31:09 UTC 2014
On Sat, 22 Feb 2014, Jordan Hubbard wrote:
>> Yes, please can we get these ....
>>
>> Apollo Domain systems had those, and they were great. Set SYSTYPE to BSD4
>> and get the BSD tree and all that came with it, or SYSV to get the other
>> stuff.
>
> Yep, I loved these things on Domain/OS! We system admin types used them to
> do all kinds of clever (and useful) things.
>
> Looks like FreeBSD has actually *had* an implementation for 6 years now. I
> don’t necessarily agree with the architectural decision to create a
> different namespace and command (varsym) to manipulate it - it was really
> nice just having it be a part of the standard environ(7) - but hey, any
> implementation is better than no implementation. Whatever happened to
> https://wiki.freebsd.org/200808DevSummit?action=AttachFile&do=get&target=variant-symlinks-for-freebsd.pdf
> ?
Some care is required here: at least one of the past implementations floating
around had the neat property that user-defined symlink expansions occurred
before system-defined ones, even for setuid binaries. This allowed trivial
replacement of libraries out from under a binary, making rooting boxes easy.
I'm actually a fan of variant symlinks as well, having used them in AFS -- I'd
just prefer we aim for a model that minimises inconvenient rooting of boxes.
(I'm not passing judgement on this particular patch, mind you.) I believe
Brooks Davis did the last serious pass at variant symlinks and might opine
further on the topic.
Robert
More information about the freebsd-hackers
mailing list