[ On Sunday, April 11, 1999 at 12:06:24 (+0200), Ignatios Souvatzis wrote: ]
> Subject: Re: /var/cron -> /etc/cron
>
> On Sat, Apr 10, 1999 at 03:39:42PM -0600, Chris Jones wrote:
> > Nah, just make the tabs directory mode 700.  If you can't get a file
> > descriptor on it, you can't edit it.
> 
> Unless somebody implements open_by_inode(), maybe.

That would so totally break the Unix security model that you might as
well just give users read access to the raw disk!  ;-)

An open_by_inode() system call, if it ever comes to be, must be usable
only by the superuser, since the permissions on the actual target inode
are only a part of the security of the file.

Directories are not just for creating a hierarchical view -- they have
permissions and ownerships for a very good reason.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>