Path: utzoo!mnetor!tmsoft!torsqnt!lethe!yunexus!ists!helios.physics.utoronto.ca!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!elroy.jpl.nasa.gov!turnkey!orchard.la.locus.com!fafnir.la.locus.com!fafnir.la.locus.com!richard
From: richard@locus.com (Richard M. Mathews)
Newsgroups: comp.unix.internals
Subject: Re: Ideas for changes to Unix filesystem
Message-ID:
Date: 7 Feb 91 03:21:16 GMT
References: <1991Jan30.143326.16676@socs.uts.edu.au> <121494@uunet.UU.NET>
Organization: Locus Computing Corporation, Los Angeles, California
Lines: 22

rbj@uunet.UU.NET (Root Boy Jim) writes:

>Many people have complained about "security problems".
>I don't see any. If you have an fd, you have the data, so you
>can copy it to your own file anyway. An flink is just faster.

The question isn't whether you can write your own copy; it is whether
you can write to the "system's" copy. Say the "system" has a file with
mode 666 which is protected only by directory permissions. Certain
setuid or setgid programs are supplied which provide controlled access
to the file. A user supplied program can be invoked with the file open
for read. Only "system" supplied programs can access the file for write.
With flink(), the user could create a name for the file, reopen it for
write, and screw up the whole world.

("system" here refers not necessarily to the Unix system, but to whomever
or whatever is in charge of some application package)

Richard M. Mathews                      D efend
richard@locus.com                       E stonian-Latvian-Lithuanian
lcc!richard@seas.ucla.edu               I ndependence
...!{uunet|ucla-se|turnkey}!lcc!richard
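An added example, not part of the original post: a Python audit that finds files in the situation described above, that is, files whose own mode lets "other" write and which are kept safe only by a directory above them that denies search permission. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def dir_protected_files(root):
    """Find files whose own mode lets 'other' write, but which sit below a
    directory that denies 'other' search (x) permission."""
    root = os.path.normpath(root)
    guard_of = {}   # directory -> nearest directory at/above it denying search
    findings = []
    for dirpath, _dirs, files in os.walk(root):   # top-down, symlinks not followed
        guard = guard_of.get(os.path.dirname(dirpath))
        if guard is None and not os.lstat(dirpath).st_mode & stat.S_IXOTH:
            guard = dirpath
        guard_of[dirpath] = guard
        if guard is None:
            continue    # reachable by name: the file mode is the real control
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
                findings.append((os.path.relpath(path, root),
                                 oct(stat.S_IMODE(mode)),
                                 os.path.relpath(guard, root)))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout (not from the post) for trying the audit."""
    layout = {          # relative path -> mode; directories end with '/'
        "pkg/": 0o750, "pkg/data.db": 0o666, "pkg/safe.cfg": 0o640,
        "pkg/sub/": 0o755, "pkg/sub/journal": 0o666,
        "pub/": 0o755, "pub/open.txt": 0o666,
    }
    os.chmod(base, 0o755)
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        if rel.endswith("/"):
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)    # explicit chmod so the umask does not matter
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, mode, guard in dir_protected_files(build_sample_tree(tmp)):
            print(f"{rel}: mode {mode}, protected only by directory {guard}")
```

Each file it reports should get a mode that denies the access on its own, so that its protection no longer depends on the file having no reachable name.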