> While that is true, Machek's example looked for that case by checking the
> link count on the file after the directory permissions had been changed.
> The hardlink scenario would be detected at that point.
Well, in that case, you can detect this new scenario with a simple "lsof"...
If they can be expected to check the link count as defense, surely they can
also check for already open FDs for files that once were perfectly accessible
when they change the perms to render them inaccessible...
Also, while changing the perms on the directory, why not go the further step
of changing the file perms as well? It would seem a logical and reasonable
thing to do...