> I'm
> sure allowing root to access mode 000 files either leads back to
> an interesting historical reason or is part of a philosophy that
> says "no access checks should be applied to the superuser". I just
> wonder what historical reason there could be for the feature.
Used to be that the code did this:
if (u.u_euid == 0)
return(SUCCESS)
if (do the real checks)
...
which is the simplest logic. It's optimized for root,
not the regular user and makes doing things like audit more
difficult. With this code the mode bits could contain the first
chapter of Revelations and the kernel would never even bother
to look.
We live now, of course, in a more enlightened age.
--Casey Schaufler voice: (650) 933-1634 casey@sgi.com fax: (650) 933-0170
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/