From: Bart Schaefer
Message-id: <120802064008.ZM12237@torch.brasslantern.com>
Date: Thu, 02 Aug 2012 06:40:08 -0700
In-reply-to: <501A4499.2020607@gmail.com>
To: Zsh Users
Subject: Re: Zsh doing weird symlinks /pid-*/*

On Aug 2, 11:12am, Piotr Karbowski wrote:
}
} Recently I put a zsh on a box with grsecurity's RBAC enabled and
} noticed that zsh is trying to create a weird symlink like
} /pid-2031/host-localhost, what is the reason to do so?

It's creating a dummy symlink that points to a non-existent file as a
way to atomically create a synchronization lock file and also store
useful information about which process and host acquired the lock (in
case the filesystem on which the lock is needed is an NFS share).

At the time this was invented, no one considered that there might be a
reason for a security policy to deny a symlink to a file that could not
possibly exist. (In fact there probably wasn't any security mechanism
for doing so, at that time.)

Is there a target path for such a symlink that will not be denied?
Perhaps prefix the path with "/tmp"? (Src/hist.c, search for "pidbuf")

Meanwhile this probably needs to be something we test for in configure,
though whether it succeeds may depend on who is running the build ...
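
The symlink lock described in the message above, as an added example (not part of the original message and not the code in Src/hist.c). The function names and the `prefix` parameter are assumptions; an empty prefix gives the /pid-N/host-H form quoted in the thread, "/tmp" the variant the reply asks about.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper names; the target layout "<prefix>/pid-N/host-H" follows
 * the path quoted in the thread. The target is never meant to exist: it only
 * records who holds the lock.
 * Returns 0 = acquired, 1 = already held, -1 = other failure (e.g. the
 * symlink being refused by a security policy); errno is left set. */
int lock_acquire(const char *lockpath, const char *prefix)
{
    char host[256], target[PATH_MAX];
    int n;

    if (gethostname(host, sizeof host) != 0)
        return -1;
    host[sizeof host - 1] = '\0';   /* may be unterminated if truncated */
    n = snprintf(target, sizeof target, "%s/pid-%ld/host-%s",
                 prefix, (long)getpid(), host);
    if (n < 0 || (size_t)n >= sizeof target)
        return -1;
    /* symlink(2) creates the name or fails with EEXIST in one step, so
     * there is no check-then-create window between competing processes. */
    if (symlink(target, lockpath) == 0)
        return 0;
    return errno == EEXIST ? 1 : -1;
}

/* Read the holder record back without following the dangling link. */
int lock_holder(const char *lockpath, char *buf, size_t len)
{
    ssize_t n;
    if (len == 0 || (n = readlink(lockpath, buf, len - 1)) < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

int lock_release(const char *lockpath)
{
    return unlink(lockpath);
}
```

A return of -1 separates a refused symlink(), such as the policy denial reported in the thread, from ordinary contention, which returns 1.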