> Probably because testing for the situation would be an unreliable
> race. BTW, you explain the ssh behaviour incorrectly. It does not
> warn. It fails, and refuses to continue. Failure is not permitted
> for the mount system call in this circumstance, and the entire path
> upwards cannot be verified atomically. A racy warning also requires
> warning to stderr. There are lots of complex considerations to your
> handwavy proposal.

i would think the mount(8) command could examine each node of the path before the actual mount point and check that they are owned root:wheel and o-w. only root and wheel could run the race then. as for the mount(2) system call, no one makes a boo boo in C, right?