Xref: utzoo comp.unix.wizards:22935 alt.security:1121
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!virtech!cpcahil
From: cpcahil@virtech.uucp (Conor P. Cahill)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: Hard links to directories: why not?
Keywords: ln, directories, security...
Message-ID: <1990Jul18.235607.19403@virtech.uucp>
Date: 18 Jul 90 23:56:07 GMT
References: <5222@milton.u.washington.edu>
Reply-To: cpcahil@virtech.UUCP (Conor P. Cahill)
Organization: Virtual Technologies Inc., Sterling VA
Lines: 37

In article <5222@milton.u.washington.edu> wiml@milton.u.washington.edu (William Lewis) writes:
>
>   In the man entry for ln(1) (and for link(2)),  it says that
>hard links may not be made to directories, unless the linker is
>the super-user (in order to make '.' and '..', I suppose). My 
>question is: why not? (and is there any reason that I, if I'm
>root, shouldn't do this?) It seems perfectly harmless to me, although 
>it would allow the user to make a pretty convoluted directory structure,

The big (and I mean REAL BBBBIIIIGGGG) problem with hard linking directories
is that find does not know how to recognize and handle them.  When find
processes a file system it actually cd's to each directory and then cds to ..
to go back.  When you have two directories linked to gether a cd to .. in
either directory will always go to the same parent directory.  If both
are at the same exact place in the file system you would be ok, but if
they are at different levels (different paths (other than basename) find
will end up skipping some of your file system.

Now you might say that you don't care that much about find.  That is, you 
might say this until you realize that find is used as a main portion of the
backup scheme on many systems, so your backups will get screwed up.

Anyway, that is one problem.  There probably are others with equally 
disasterous results.

>that's the user's priviledge. So I suppose it's probably a security
>issue somehow (restrictions of this sort seem to be). Hence the
>crosspost to alt.security. 
>-- 
>wiml@blake.acs.washington.edu       Seattle, Washington  | No sig under
>(William Lewis)  |  47 41' 15" N   122 42' 58" W  |||||||| construction


-- 
Conor P. Cahill            (703)430-9247        Virtual Technologies, Inc.,
uunet!virtech!cpcahil                           46030 Manekin Plaza, Suite 160
                                                Sterling, VA 22170