From owner-freebsd-hackers  Fri Jul  3 03:30:23 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA01268
          for freebsd-hackers-outgoing; Fri, 3 Jul 1998 03:30:23 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from beatrice.rutgers.edu (beatrice.rutgers.edu [165.230.209.143])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA01255
          for <hackers@FreeBSD.ORG>; Fri, 3 Jul 1998 03:30:14 -0700 (PDT)
          (envelope-from easmith@beatrice.rutgers.edu)
Received: (from easmith@localhost) by beatrice.rutgers.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) id GAA09031; Fri, 3 Jul 1998 06:28:17 -0400 (EDT)
From: "Allen Smith" <easmith@beatrice.rutgers.edu>
Message-Id: <9807030628.ZM9030@beatrice.rutgers.edu>
Date: Fri, 3 Jul 1998 06:28:16 -0400
In-Reply-To: sthaug@nethelp.no       "Re: Variant Link implementation, continued" (Jul  3, 12:11pm)
References: <XFMail.980703105306.lada@pc8811.gud.siemens.at> 
	<20545.899460699@verdi.nethelp.no>
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
To: sthaug@nethelp.no, lada@pc8811.gud.siemens.at
Subject: Re: Variant Link implementation, continued
Cc: hackers@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Jul 3, 12:11pm, sthaug@nethelp.no (possibly) wrote:

> If anybody should ever consider something similar to HP-UX CDFs, I'd
> strongly suggest that this should only be available to root by default.
> (on the assumption that root users know what they're doing).
> 
> At one of my former employers we had a large number of HP-UX diskless
> hosts, using CDFs. We saw far too many cases of users inadvertently
> having their directories "disappear" (and similar problems) because
> they had turned the CDF bit on. It was a real support hassle.

Another reason to have this limit is to prevent people from hiding
files using it from various security checking tools; see Garfinkel &
Spafford's _Practical Unix & Internet Security_, pages 136-137. (To
give you some idea, it's under "Oddities and Dubious Ideas" for a
reason.)

	-Allen


-- 
Allen Smith				easmith@beatrice.rutgers.edu
	

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message