in reply to
Re^2: magic-diamond <> behavior -- WHAT?!
in thread magic-diamond <> behavior -- WHAT?!
Wait. You want to protect against a root who runs some-program-he-doesn't-really-know * in a directory with world write access, without looking at the content of the directory?
Isn't it easier to fix scripts that rely on magic open after they stop working, then to fix scripts that work perfectly, except that they could ruin your system.
I'd say the person with root access is a way bigger problem to your system than magical open.