From owner-freebsd-security  Wed Feb 28 02:31:49 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id CAA29503
          for security-outgoing; Wed, 28 Feb 1996 02:31:49 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [192.216.222.3])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id CAA29498
          for <security@freebsd.org>; Wed, 28 Feb 1996 02:31:47 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by who.cdrom.com (8.6.12/8.6.11) with ESMTP id CAA24156
          for <security@freebsd.org>; Wed, 28 Feb 1996 02:31:45 -0800
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id VAA17622; Wed, 28 Feb 1996 21:00:31 +1030
From: Michael Smith <msmith@atrad.adelaide.edu.au>
Message-Id: <199602281030.VAA17622@genesis.atrad.adelaide.edu.au>
Subject: Re: Suspicious symlinks in /tmp
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Wed, 28 Feb 1996 21:00:30 +1030 (CST)
Cc: nlawson@kdat.csc.calpoly.edu, newton@communica.com.au,
        security@freebsd.org
In-Reply-To: <199602280805.SAA16934@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Feb 28, 96 06:35:36 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
Precedence: bulk

Michael Smith stands accused of saying:
> > Yes, but let's say Joe User tries out the ln -s command.  Now he can't delete
> > his symlink.  This behavior is broken.  A user should not be able to create
> > any type of file, whether a symlink or just a normal file, that is owned
> > by another user.
> 
> How's that supposed to work?  To create it, he has to have write permissions
> in the destination directory; the same are required to delete it.
> 

Grrr.  Sticky bit, brain fart.  Sorry.

-- 
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] Collector of old Unix hardware.      "Where are your PEZ?" The Tick  [[