Chdir/Exex/Open by inode.

[Kim Fabricius Storm]

In article <11465 at brl-tgr.ARPA> phil at RICE.ARPA (William LeFebvre) writes:
>>> I am looking for a good way to generate the full path name of a directory, 
>>> given only its inode number...
>I disagree!  If it were possible to set the current working directory
>to a given inode and device, then pwd would give you the answer.  All
>the permission information, and even the bit denoting whether or not
>this inode refers to a directory is stored in the inode, and can easily
>be checked in such a call.

.... and an exec-by-inode (no namei) could speed command execution up A LOT
(csh already does some hashing on the command names). 

However, this is NOT EASY to check, because the access permissions to a
directory (or any other file) is the intersection of the permissions on the file
itself, and the search (-x-) permissions on ALL directories on the path
from / to the file.

Suppose your home directory was closed for all other users than yourself, but
anything else in 'your part of the universe' had read permissions for everybody,
which doesn't matter - other users can't bypass your home directory.
Now, if we introduce a chdir-by-inode system call, then anybody who can
guess (or know) the inode number of one of your subdirectories can sneak
through this back-door, and have free access to all your files.

The only thing one (not you) cannot do in the above situation is a 'pwd',
because there is no read permission on the home directory :-).

One solution (a reasonable one I think) would be to have an "access-by-inode"
permission on files and directories, which may be opened/execed/chdired/etc.
by inode, in which case the normal permissions can be used to check which
users are allowed to do so. But is there an unused bit in the inode?

------------------
Kim F. Storm, Inst of Datalogy(=CS), U of Copenhagen, Sigurdsgade 41, DK-2200 N
UUCP: mcvax!diku!storm, <storm at diku.UUCP>           tel: +45 1 83 64 66, ext 14