Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!munnari.oz.au!yoyo.aarnet.edu.au!sirius.ucs.adelaide.edu.au!levels!xtdn
From: xtdn@levels.sait.edu.au
Newsgroups: comp.unix.internals
Subject: Re: Ideas for changes to Unix filesystem
Message-ID: <15897.27bc36db@levels.sait.edu.au>
Date: 15 Feb 91 19:30:35 GMT
References: <BZS.91Feb7163251@world.std.com> <15878.27b3841d@levels.sait.edu.au> <BZS.91Feb9234906@world.std.com> <27B98C54.66F9@tct.uucp> <BZS.91Feb14042459@world.std.com>
Organization: University of South Australia
Lines: 18

bzs@world.std.com (Barry Shein) writes:
> Except now you can come back later, say a week later, and re-open the
> file (assuming the file protexns were ok), without the setuid program.

But Barry, you have put you're finger on a very salient point; which is
that one can always protect the file thus disallowing it from being
opened later.  I don't see that flink() would cause any major security
problems.

Just to put this into context: as things stand one could leave the
recipient process running for a week and then read the file.  Really,
excepting that processes can be killed and that machines do sometimes
go down, flink() would not allow any access that one cannot now obtain.


David Newall, who no longer works       Phone:  +61 8 344 2008
for SA Institute of Technology          E-mail: xtdn@lux.sait.edu.au
                "Life is uncertain:  Eat dessert first"