Xref: utzoo comp.unix.wizards:22928 alt.security:1119
Path: utzoo!attcan!uunet!shelby!bu.edu!xylogics!samsung!zaphod.mps.ohio-state.edu!sdd.hp.com!ucsd!ucbvax!ulysses!ulysses.att.com!smb
From: smb@ulysses.att.com (Steven Bellovin)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: Hard links to directories: why not?
Keywords: ln, directories, security...
Message-ID: <13432@ulysses.att.com>
Date: 18 Jul 90 19:14:35 GMT
References: <5222@milton.u.washington.edu>
Sender: netnews@ulysses.att.com
Lines: 26

In article <5222@milton.u.washington.edu>, wiml@milton.u.washington.edu (William Lewis) writes:
> 
>    In the man entry for ln(1) (and for link(2)),  it says that
> hard links may not be made to directories, unless the linker is
> the super-user (in order to make '.' and '..', I suppose). My 
> question is: why not? (and is there any reason that I, if I'm
> root, shouldn't do this?) It seems perfectly harmless to me, although 
> it would allow the user to make a pretty convoluted directory structure,
> that's the user's priviledge. So I suppose it's probably a security
> issue somehow (restrictions of this sort seem to be). Hence the
> crosspost to alt.security. 

I quote from the original Ritchie and Thompson paper:

	The directory structure is constrained to have the form of a
	rooted tree.  Except for the special entries ``.'' and ``..P'',
	each directory must appear as an entry in exactly one other
	directory, which is its parent.  The reason for this is to
	simplify the writing of programs that visit subtrees of the
	directory structure, and more important, to avoid the
	separation of portions of the hierarchy.  If arbitrary links to
	directories were permitted, it would be quite difficult to
	detect when the last connection from the root to a directory
	was severed.

No need for excess paranoia...