Wizard-level questions

[Ed Vielmetti]

In article <2285 at tuvie.UUCP> mike at vlsivie.tuwien.ac.at (Michael K. Gschwind) writes:

   > I hope not.  Otherwise permissions on directories wouldn't do much.  I
   >do think the system design would have been cleaner if you only accessed
   >by i-node number, and mapping filename to inode was done outside the kernel.

   This is what is done on Apollo's DomainOS UNIX-clone. It is however a
   security nightmare. Things like chroot don't work, so you can't support
   anonymous ftp et al. Neat idea, but isn't fully UNIX compatible.

There's no particular reason that anonymous ftp requires the chroot()
system call.  Granted, it makes it handy, but an alternative
implementation could simply inspect every filename to be sure that the
user didn't try to ../.. themself out of the protected area.

See dabo.ifs.umich.edu for an ftpd that does secure anonymous ftp for
the Apollo.

-- 
 Msen	Edward Vielmetti
/|---	moderator, comp.archives
	emv at msen.com