Re: Security Anti Symlink Attack Patch for 2.1.71

ralf@uni-koblenz.de
Mon, 8 Dec 1997 08:52:37 +0100


On Sun, Dec 07, 1997 at 12:39:59PM -0800, Christoph Lameter wrote:

> Maybe a better way to do things would be to not allow certain symlinks in
> /tmp or other +t directories:
>
> Symlinks in +t dirs must satisfy the following criteria if created by a
> regular user who is not a member of group root:
>
> 1. They cannot be absolute (i.e. they cannot begin with /)
>
> 2. They are not allowed to point to a higher directory
> (Maybe forbid ".." in symlinks?)
>
> Are there any reasons this would not work?
>
> And maybe the functionality should be switchable on and off by writing to
> a file in /proc/sys/kernel/xxxx ?

For ext2fs you could make it yet another attribute for directories, possibly
inheritable like the S_ISUID bit on directories. A lot saner than modifying
the well defined semantics of the S_ISVTX bit.

Ralf
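
The two criteria from the quoted proposal, written out as a user-space audit of a sticky directory. This is an added example, not code from this thread or from any kernel patch. The names `target_allowed` and `audit_sticky_dir` are hypothetical, and the check ignores the proposed exemption for creators in group root.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if a symlink target satisfies both quoted criteria, else 0. */
int target_allowed(const char *target)
{
    if (target[0] == '/')                 /* criterion 1: no absolute targets */
        return 0;
    for (const char *p = target; *p; ) {  /* criterion 2: no ".." component */
        size_t len = strcspn(p, "/");
        /* compare whole components so a name like "notes..old" still passes */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        while (*p == '/')
            p++;
    }
    return 1;
}

/* Counts symlinks in a sticky (+t) directory that break the criteria.
 * Returns -1 if dir cannot be read or does not have S_ISVTX set. */
int audit_sticky_dir(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode) || !(st.st_mode & S_ISVTX))
        return -1;
    DIR *d = opendir(dir);
    if (!d)
        return -1;
    int bad = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char path[PATH_MAX], target[PATH_MAX];
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        ssize_t n = readlink(path, target, sizeof target - 1);
        if (n < 0)                        /* not a symlink, or unreadable */
            continue;
        target[n] = '\0';
        if (!target_allowed(target)) {
            printf("%s -> %s\n", path, target);
            bad++;
        }
    }
    closedir(d);
    return bad;
}
```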