> Let's be really malicious. Since open files don't go away
> when their unlinked, I can prevent someone from getting access
> to their disk quotas by opening their files before they unlink them,
> thus preventing the blocks from being freed. No matter that they
> tried to prevent me from doing this by setting permission bits.
> No, a file with mode 000 (---------- for you young'uns) ought not
> be openable by unprivileged users, period.
Good point. Similar problems have always existed with quotas except
when each user has their own partition (or others could create
additional hardlinks to files so that the owner has no chance to
unlink them), which is why I always considered quotas a kludge, but
allowing open()ing otherwise unaccessable files would even prevent the
second-order kludge of using individual partitions from working.
To avoid this problem, one might decide not to use the original file
if the user does not have any access rights to it and instead just
create a per-process copy the relevant details of its current state,
but then we'd miss the goal of arriving at a uniform design.
Or one might want to allow dangling fd's: the process is allowed to
open it, but we don't count this for the "real" link count.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/