Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!pdn!tscs!tct!chip
From: chip@tct.uucp (Chip Salzenberg)
Newsgroups: comp.unix.internals
Subject: Re: Ideas for changes to Unix filesystem
Message-ID: <27B98C54.66F9@tct.uucp>
Date: 13 Feb 91 18:58:28 GMT
References: <BZS.91Feb7163251@world.std.com> <15878.27b3841d@levels.sait.edu.au> <BZS.91Feb9234906@world.std.com>
Organization: Teltronics/TCT, Sarasota, FL
Lines: 14

According to bzs@world.std.com (Barry Shein):
>Ok, granted, if the path to the original file was not accessible and
>was opened by a priv'd program and the fd handed down (e.g. thru an
>open(), setuid() and then an exec()), then an flink() would bypass the
>original directory protection.

What if flink() were permitted only on file descriptors open for
O_RDWR without O_APPEND?  After all, if you have a file descriptor
meeting that description, there's almost nothing bad you can do with
the file that you couldn't do with the file descriptor, slower.
-- 
Chip Salzenberg at Teltronics/TCT     <chip@tct.uucp>, <uunet!pdn!tct!chip>
 "I want to mention that my opinions whether real or not are MY opinions."
             -- the inevitable William "Billy" Steinmetz