Two bugs: sticky bit directory and ld -e

[mcvax!uva!dik at uunet.uu.net]

mcvax!tut.fi!hmj at uunet.uu.net (Hannu-Matti J{rvinen) writes:
>Sticky bit in directories prevents removing the files in the directory
>without write privilege to the file and the directory....But what happens
>if you use mv to rename files without write protection in a directory
>with the sticky bit and write permissions?...

I assume you use SunOs 3.4 or 3.5 I have the same problem.  This problem
also occured on a Gould PN900 running UTX 2.03.  It allowed two conspiring
users to create loops in the file system.  My guess is that it is early
4.3 BSD code, our vanilla 4.3 Vax doesn't have the problem.  Another
problem I have is that ordinary users can't switch on sticky bits on their
directories. (I rather like this bug, I must admit considering the above)

>.......  So I believe that, even if one could create an additional link
>to a directory, the super user can still remove it....--wnl ]]

In SunOs 3.x NOONE is allowed to remove hardlinks to directory.  Unlink(2)
returns 'Not Owner', even when called as superuser.  So you can only zap
(clri/fsck/reboot) a directory-inode with more than one link other than
'.' and various '..' entries.

[[ Yeah, I didn't think that sounded right when I came across it.  But
that's what the documentation says!  --wnl ]]

Casper H.S. Dik
University of Amsterdam     |		      dik at uva.uucp
The Netherlands             |                 ...!uunet!mcvax!uva!dik