Re: lynx-dev Re: who owns what

[Philip Webb]

981009 Bela Lubkin wrote: 
> Philip Webb wrote:
>> that's exactly what i gave: number links, goto the Archive HTML version
>> & look at Sep [445 662 769] & Aug [11]: TD LP & Mike Castle are authors.
>> they explicitly refer to ANONYMOUS use as the problem.
> Those aren't URLs.  I have neither a bookmark
> nor a mental reference to "the Archive HTML version".

you know perfectly well that the Archive is at  www.flora.org/lynx-dev/
& that the 1st screen there gives you a choice of HTML/e-mail formats.

> And I'm not particularly interested in looking at those messages,
> which, if they say what you claim, are simply wrong.

the Pope's representatives refused to look thro' Galileo's telescope.
 
> There are many inherently unsafe operations in Unix
> (as in any operating system); one must program with care.
> If you are concerned about security, all software must be audited.
> There are groups of people doing this for various software.

this starts to sound like people in the police, national-security,
drug-enforcement & surveillance/lock industries:
"You can't be too careful: we need more tax $$, buy our product".
there are certainly problems associated with crime, spying & drugs,
but they are all too easily exaggerated
& remedies offered are all too often worse than the disease.
you have said nothing specific to convince me
that a well-managed UNIX system has security problems,
except possibly with  /tmp , where the analogy would be blood-transfusion.
making hasty & badly thought-out programming changes
in reponse to security alerts which may or may not be serious
DOES lead to the kind of problem which arose for me last week.

>> that sysadmins who know what they are doing still can't prevent it?
>> that anyone can set up a symlink to a file they don't own?
> It is the nature of symlinks.  For instance, you can create a symlink
> to a file that does not (yet) exist. Symlinks to not-yet-created files
> have several important uses.  So do symlinks to not-owned files.
> Removing those abilities would be both difficult and damaging
> to the normal operation of the system. 

i've never needed to create a symlink,
tho' i can see why the sysadmin has one for  /homes .
can you back up your general assertions with real examples?

-- 
========================,,============================================
SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto