I was just reading the aufs man-page section on security with an NFS directory with mode 711. One way to improve security would be to generate symlink filenames containing a lot of random characters. Then, write a bogus symlink where the symlink target is actually the random-character tag. It would only take one extra readlink() to get the tag value required to look up the actual link.
Joe Krahn ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
