Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!strath-cs!jim
From: jim@cs.strath.ac.uk (Jim Reid)
Newsgroups: comp.unix.wizards
Subject: Re: SUID directories -- security concern?
Message-ID: <2156@baird.cs.strath.ac.uk>
Date: 26 Feb 90 14:05:39 GMT
References: <14198@s.ms.uky.edu> <26270009@hpclisp.HP.COM> <4555@hemuli.tik.vtt.fi>
Sender: news@cs.strath.ac.uk
Reply-To: jim@cs.strath.ac.uk
Organization: Comp. Sci. Dept., Strathclyde Univ., Scotland.
Lines: 29

In article <4555@hemuli.tik.vtt.fi> tml@hemuli.tik.vtt.fi (Tor Lillqvist) writes:
>The context-dependent files in HP-UX is IMHO a rather clever idea.  A
>bit like Apollo's symbolic links containing environment variables. 

That's your opinion. I strongly dislike both ideas though I can see why
people have invented these kludges. [Both ideas are quick and dirty
hacks that make a mess of the simple elegance of the UNIX filesystem.]

Context-dependent files (CDF) uses supposedly invisible directories.
They aren't. [It's also ugly that an extra character - '+' - is added to
a CDF name so one can "see" the context-dependent entries. What can you do
if you need a CDF filename that has to end with a '+'? It also adds an
unnecessary and unsightly complication to the kernel's namei() routine.]

On the more general point, I find it distasteful that a process can
manipulate its visible filename name space by altering environment
variables or contexts or whatever. When someone or something specifies a
pathname, the resulting file that is found should not be conditional on
the setting of external process-specific factors like an environment
variable. [i.e. If I ask someone to look at /foo/bar, the file they see
should be the one that I see. Neither of us should have to worry about the
value of the likes of an environment variable that will influence the way
that the kernel parses that pathname.]

>Is there any chance of other vendors taking up the idea?

I sincerely hope not.

		Jim