Thoughts on Multi-Symlink Concept
Andrew Duane
aduane at juniper.net
Mon Feb 24 18:37:54 UTC 2014
-----Original Message-----
From: owner-freebsd-hackers at freebsd.org [mailto:owner-freebsd-hackers at freebsd.org] On Behalf Of Robert Watson
Sent: Monday, February 24, 2014 1:31 PM
To: Jordan Hubbard
Cc: freebsd-filesystems at freebsd.org; freebsd-hackers at freebsd.org; Willem Jan Withagen; Perry Hutchison
Subject: Re: Thoughts on Multi-Symlink Concept
On Sat, 22 Feb 2014, Jordan Hubbard wrote:
>>> Apollo Domain systems had those, and they were great. Set SYSTYPE to BSD4
>>> and get the BSD tree and all that came with it, or SYSV to get the other
>.> stuff.
>>
>> Yep, I loved these things on Domain/OS! We system admin types used them to
>> do all kinds of clever (and useful) things.
>>
>> Looks like FreeBSD has actually *had* an implementation for 6 years now. I
>> don't necessarily agree with the architectural decision to create a
>> different namespace and command (varsym) to manipulate it - it was really
>> nice just having it be a part of the standard environ(7) - but hey, any
>> implementation is better than no implementation. Whatever happened to
>> https://wiki.freebsd.org/200808DevSummit?action=AttachFile&do=get&target=variant-symlinks-for-freebsd.pdf?
>
>Some care is required here: at least one of the past implementations floating
>around had the neat property that user-defined symlink expansions occurred
>before system-defined ones, even for setuid binaries. This allowed trivial
>replacement of libraries out from under a binary, making rooting boxes easy.
>I'm actually a fan of variant symlinks as well, having used them in AFS -- I'd
>just prefer we aim for a model that minimises inconvenient rooting of boxes.
>(I'm not passing judgement on this particular patch, mind you.) I believe
>Brooks Davis did the last serious pass at variant symlinks and might opine
>further on the topic.
>
>Robert
I'd also be careful of violating the Principle of Least Astonishment with any
Implementation. Multi or Variable symlnks that suddenly change meaning
Can really confound people.
/Andrew
More information about the freebsd-hackers
mailing list