On Mon, May 30, 2011 at 6:56 AM, halfdog <me () halfdog net> wrote:
It seems that quite a few backup applications are (or were) vulnerable
to special combined symlink/timing attacks on pathname components before
the last one (so O_NOFOLLOW does not help).
Please let me know, if ... you
have good reason, that the kernel interface is not the point, where this
issue could be addressed most efficiently.
use lvm snapshots for backups, either directly at volume level or
mounting a read-only snapshot and running backup over that static