Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Message-ID: <496@auspex.UUCP>
Date: 23 Nov 88 18:45:22 GMT
References: <17620@adm.BRL.MIL>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 21


 >? What in the world would it MEAN?  It is the DIRECTORY that is modified
 >? by an unlink, not the inode.  Would a "delete" bit then mean that no
 >? links to the inode could be removed?  Think about the consequences for
 >? a bit.  It would be horrible!
 >
 >I'm not so sure. VMS has just that, and seems to work OK (did I actually
 >say that?).

VMS has hard links, but I don't think it makes much use of them.  For
one thing, there are no reference counts associated with them.  Removing
a file, and removing a directory entry that points to a file, are as I
understand it ultimately separate operations.  Does the "delete"
permission bit affect both, or only the former?

The situations are not quite parallel.

Now you could conceivably require that special permission be required to
remove the *last* link to a file; I don't know whether this necessary
would do what people really want here, though, and I thus don't know
whether adding this feechur would be worth it.