rm etc. (was: Nasty Security Hole?)

Joseph S. D. Yao jsdy at hadron.UUCP
Wed Nov 23 04:21:22 AEST 1988


In article <8941 at smoke.BRL.MIL> gwyn at brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>In article <118 at hudson.Morgan.COM> frank at Morgan.COM (Frank Wortner) writes:
>>In article <8910 at smoke.BRL.MIL> gwyn at brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>>}Inode permissions apply to the contents of the inode, not to
>>}links to it (which are contained in other inodes).
>>Perhaps I've failed to understand what you wrote.  I've always thought that
>>non-symbolic links were directory entries pointing to the *same* inode, and
>>that any permissions (read, write, and execute of the underlying object)
>>were shared by all links.
>No, the link can be altered independently of permissions on the inode
>to which it is a link.

This is a confusion in understanding of what is meant by "the link".

Most people, including frank at Morgan.COM, seem to think of "the link"
as the object named, the file containing data.  That is indeed one
object, with permissions, data, etc.

Gurus like Doug have much understanding of the reality underlying
this, but sometimes forget to explain that the "link" is just the
name.  It has itself no inherent permissions et al.  The file or other
object so named has the permissions.  The name does not.  The
implementation of the name as a series of directory entries implies
that permission to alter one element of the name is dependent on the
permissions for the object (directory) in which that element of the
name is contained.

The confusion is boosted along by all those texts that explain the
Unix tree-structured file system with a box at the top labelled "/"
and lines to other boxes named "bin", "tmp", etc.  This is wrong, of
course: the names go on the lines ...

	Joe Yao		jsdy at hadron.COM (not yet domainised)
	hadron!jsdy@{uunet.UU.NET,dtix.ARPA,decuac.DEC.COM}
	arinc,att,avatar,blkcat,cos,decuac,dtix,\
	ecogong,empire,gong,grebyn,inco,insight, \!hadron!jsdy
	kcwc,lepton,netex,netxcom,phw5,rlgvax,	 /
	seismo,sms,smsdpg,sundc,uunet		/
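
Added example, not part of the original post: a shell sketch of the distinction drawn above, showing that two names share one object's permissions while removal of a name is decided by the mode of the directory holding it. The helper names (inode_of, mode_of, shared_object, try_unlink) and the scratch files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; every path below is a constructed scratch name.

inode_of() { ls -di "$1" | awk '{print $1}'; }   # inode number of a name
mode_of()  { ls -ld "$1" | cut -c1-10; }         # type + permission bits

# 1. Two names, one object: a chmod made through one name is visible
#    through the other, because the mode lives in the inode.
shared_object() {
    d=$(mktemp -d) || return 1
    echo data > "$d/a"
    ln "$d/a" "$d/b"                 # second name for the same inode
    chmod 400 "$d/b"
    if [ "$(inode_of "$d/a")" = "$(inode_of "$d/b")" ]; then
        same=same-inode
    else
        same=different-inode
    fi
    echo "$same $(mode_of "$d/a")"
    rm -rf "$d"
}

# 2. Removing a name edits the directory, so the directory's mode decides.
#    $1 = directory mode, $2 = file mode
try_unlink() {
    d=$(mktemp -d) || return 1
    echo data > "$d/f"
    chmod "$2" "$d/f"
    chmod "$1" "$d"
    if rm -f "$d/f" 2>/dev/null; then echo removed; else echo denied; fi
    chmod 700 "$d"; rm -rf "$d"      # restore access so cleanup works
}

shared_object          # same-inode -r--------
try_unlink 700 000     # removed: file is inaccessible, directory is writable
try_unlink 500 666     # denied for an ordinary user: file writable, directory not
```

The superuser bypasses these checks, so the last case prints "removed" when run as root; a directory with the sticky bit set additionally limits removal to the owner of the file or of the directory.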



More information about the Comp.unix.wizards mailing list