Nasty Security Hole?

[Doug Gwyn]

In article <189 at wyn386.UUCP> mikef at wyn386.UUCP (Mike Faber) writes:
>Why can a person with read permission only be able to remove the file?

He can't, unless he can remove the last link to the inode.

Inode permissions apply to the contents of the inode, not to
links to it (which are contained in other inodes).

A link can be removed if a process has write permission on the
directory containing the link.