Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!ukma!uflorida!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Message-ID: <8910@smoke.BRL.MIL>
Date: 16 Nov 88 21:56:42 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Distribution: na
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 10

In article <189@wyn386.UUCP> mikef@wyn386.UUCP (Mike Faber) writes:
>Why can a person with read permission only be able to remove the file?

He can't, unless he can remove the last link to the inode.

Inode permissions apply to the contents of the inode, not to
links to it (which are contained in other inodes).

A link can be removed if a process has write permission on the
directory containing the link.