Xref: utzoo comp.unix.wizards:22926 alt.security:1117
Path: utzoo!attcan!uunet!decwrl!sgi!shinobu!odin!schuman
From: schuman@sgi.com (Aaron Schuman)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: Hard links to directories: why not?
Keywords: ln, directories, security...
Message-ID: <10527@odin.corp.sgi.com>
Date: 18 Jul 90 17:32:47 GMT
References: <5222@milton.u.washington.edu>
Sender: news@odin.corp.sgi.com
Organization: Silicon Graphics 415-335-1901
Lines: 24

Wiliiam Lewis>	In the man entry for ln(1) (and for link(2)),
Wiliiam Lewis>	it says that hard links may not be made to directories,
Wiliiam Lewis>	unless the linker is the super-user ...
Wiliiam Lewis>	My question is: why not?
Wiliiam Lewis>	It seems perfectly harmless to me, although 
Wiliiam Lewis>	it would allow the user to make a pretty convoluted
Wiliiam Lewis>	directory structure, that's the user's privilege.

I don't know of any way that an ordinary user could parlay the ability
to make hard links to a directory into obtaining superuser status.

But that is not the only reason why some system calls are restricted.
A foolish user could create loops in the directory structure.
Lots of file system functions depend on the absence of loops in
order to guarantee completion.  Some system calls would never return.


Wiliiam Lewis>	So I suppose it's probably a security issue somehow

Denial of service is sometimes considered a security issue,
and sometimes considered just a matter of proper administration.
Choose your own taxonomy of admin nightmares.

					Aaron