Subject: Re: /var/cron -> /etc/cron
To: None <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 04/11/1999 20:40:40
[ On Sunday, April 11, 1999 at 12:06:24 (+0200), Ignatios Souvatzis wrote: ]
> Subject: Re: /var/cron -> /etc/cron
> On Sat, Apr 10, 1999 at 03:39:42PM -0600, Chris Jones wrote:
> > Nah, just make the tabs directory mode 700. If you can't get a file
> > descriptor on it, you can't edit it.
> Unless somebody implements open_by_inode(), maybe.
That would so totally break the Unix security model that you might as
well just give users read access to the raw disk! ;-)
An open_by_inode() system call, if it ever comes to be, must be usable
only by the superuser, since the permissions on the actual target inode
are only a part of the security of the file.
Directories are not just for creating a hierarchical view -- they have
permissions and ownerships for a very good reason.
Greg A. Woods
+1 416 218-0098 VE3TCP <firstname.lastname@example.org> <robohack!woods>
Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>