
In the modern world, the demand seems to be that every tool be perfectly safe in every situation no matter what you do (and it seems practically nothing lives up to this demand, given the ever-increasing river of silly CVEs for almost every component, like regex DoS on build tools).

It's important to understand the scope of the issue. If you create and operate on your own symlinks in your own folders, there is no problem. The problem is when a more privileged user operates on folders that can be written to by less privileged users, for example system daemons (like a /tmp cleanup, or a web server serving /home/*/www), or suid binaries. These things need to be written very carefully, it is now clear.

But if I'm working with my own files, media, source code, build tools, web pages, etc, in my own folders, then symlinks are still fine.

And there is an existing setting to mitigate a couple common forms of the issue that does exist when accessing folders other users can write to: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs...
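
Added example, not part of the thread: a sketch of what "written very carefully" can look like for the /tmp-cleanup case mentioned above, assuming Linux and Python 3. The names `clean_tree` and `demo` and the directory layout are hypothetical; the tree is constructed in a temporary directory.

```python
import os, stat, tempfile, time

def clean_tree(root, max_age, now=None):
    """Remove regular files older than max_age seconds; never follow a symlink."""
    now = time.time() if now is None else now
    removed = []
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    def walk(dir_fd, rel):
        for name in os.listdir(dir_fd):
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)  # lstat
            path = os.path.join(rel, name)
            if stat.S_ISDIR(st.st_mode):
                try:
                    # Resolved relative to the fd we hold; O_NOFOLLOW makes this
                    # fail if the entry was swapped for a symlink after the lstat.
                    sub = os.open(name, flags, dir_fd=dir_fd)
                except OSError:
                    continue
                try:
                    walk(sub, path)
                finally:
                    os.close(sub)
            elif stat.S_ISREG(st.st_mode) and now - st.st_mtime > max_age:
                os.unlink(name, dir_fd=dir_fd)  # unlinkat: removes the entry itself
                removed.append(path)
    root_fd = os.open(root, flags)  # refuses a root that is itself a symlink
    try:
        walk(root_fd, "")
    finally:
        os.close(root_fd)
    return sorted(removed)

def demo():
    """Constructed tree: a shared dir containing a symlink to a directory outside it."""
    base = tempfile.mkdtemp()
    shared, outside = os.path.join(base, "shared"), os.path.join(base, "outside")
    os.makedirs(os.path.join(shared, "sub"))
    os.makedirs(outside)
    old = time.time() - 3600
    for p in ("shared/old.txt", "shared/sub/old2.txt", "shared/new.txt", "outside/keep.txt"):
        full = os.path.join(base, p)
        open(full, "w").close()
        if "new" not in p:
            os.utime(full, (old, old))
    os.symlink(outside, os.path.join(shared, "link"))  # planted by the unprivileged user
    return clean_tree(shared, max_age=600), os.path.exists(os.path.join(outside, "keep.txt"))

if __name__ == "__main__":
    print(demo())
```

A path-string walk that joined names and called `os.remove` on the result would have followed `link` and deleted `outside/keep.txt`; here every lookup is relative to a directory descriptor the cleaner already holds.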




> In the modern world, the demand seems to be that every tool be perfectly safe in every situation no matter what you do

The problem is that there is such a huge number of tools in widespread use that each one causing even a few security vulnerabilities means that the ecosystem overall is constantly vulnerable.


I appreciate the reply, but after thinking about it I think it's more akin to someone having been sold a house only to be told eight years later that the seller of the house knew that if someone tied a shoelace to the front door and pulled on it, then the entire house would explode.

Could we consider it a broken doorknob, Pierce?


It's more akin to pulling the shoelace, and the door closes on your fingers. Oh no, doors are unsafe, how utterly broken.

Or, more like, if there's an attacker hiding in your house, while you're setting up the shoelace door thing for some odd reason, they could slam the door on your fingers. Oh no, how were we ever allowed to have doors, so criminally unsafe.



