Xref: utzoo comp.unix.wizards:22998 alt.security:1142
Path: utzoo!attcan!uunet!clyde.concordia.ca!news-server.csri.toronto.edu!dgp.toronto.edu!flaps
From: flaps@dgp.toronto.edu (Alan J Rosenthal)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: Hard links to directories: why not?
Keywords: ln, directories, security...
Message-ID: <1990Jul22.111334.9996@jarvis.csri.toronto.edu>
Date: 22 Jul 90 15:13:34 GMT
References: <5222@milton.u.washington.edu> <10527@odin.corp.sgi.com> <1990Jul19.121048.16332@cbnews.att.com>
Distribution: na
Lines: 26

In article <10527@odin.corp.sgi.com> schuman@sgi.com (Aaron Schuman) writes:
>>A foolish user could create loops in the directory structure.

mvadh@cbnews.att.com (andrew.d.hay) writes:
>it would be easy to have ln disallow this:
>1)	resolve argv[1] and argv[2] to absolute paths
>2)	determine which path is shorter
>3)	strncmp() both paths for the shorter length
>4)	if you have a match, you're trying to create a loop

It's true that if they match, you're creating a loop.  However, it's not true
that if they don't match you're not creating a loop.
Here's a counterexample:

Suppose your filesystem is on /mnt.
Do this:

	mkdir /mnt/a
	ln /mnt/a /mnt/b
	mkdir /mnt/a/c
	ln /mnt/a /mnt/b/c/d

Now /mnt/a/c/d and /mnt/a are the same.  So you can refer to
/mnt/a/c/d/c/d/c/d/c/d/c/d, etc.

ajr