mounted file system security error?

I could just be out of it, but for some reason unlink seems to be permitting removal of files on mounted filesystems that it clearly should not. I noticed this on my default linode install, but just to check I tried a clean debian small image and booted from there.

(none):~# uname -a
Linux (none) 2.4.25-linode24-1um #1 Sun Mar 28 01:42:20 EST 2004 i686 unknown
(none):~# adduser filoseta
Adding user filoseta...
Adding new group filoseta (1000).
Adding new user filoseta (1000) with group filoseta.
Creating home directory /home/filoseta.
Copying files from /etc/skel
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for filoseta
Enter the new value, or press return for the default
        Full Name []: Testing
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
        Is the information correct? [y/n] y
(none):~# mkdir /mnt/tmp
(none):~# mount /dev/ubde /mnt/tmp
(none):~# mount 
/dev/ubda on / type ext3 (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/ubde on /mnt/tmp type ext3 (rw)
(none):~# touch /tmp/a
(none):~# touch /mnt/tmp/a
(none):~# ls -l /tmp/a /mnt/tmp/a
-rw-r--r--    1 root     root            0 Apr  9 15:53 /mnt/tmp/a
-rw-r--r--    1 root     root            0 Apr  9 15:53 /tmp/a
(none):~# su - filoseta
filoseta@(none):~$ id
uid=1000(filoseta) gid=1000(filoseta) groups=1000(filoseta)
filoseta@(none):~$ rm /tmp/a /mnt/tmp/a
rm: remove write-protected file `/tmp/a'? y
rm: cannot unlink `/tmp/a': Operation not permitted
rm: remove write-protected file `/mnt/tmp/a'? y
filoseta@(none):~$ ls -l /tmp/a /mnt/tmp/a
ls: /mnt/tmp/a: No such file or directory
-rw-r--r--    1 root     root            0 Apr  9 15:53 /tmp/a
filoseta@(none):~$ logout

It has been a long week, so it is possible I am just going nuts, but /mnt/tmp/a should not have been deleted, correct?

It seems to be stemming from unlink directly permitting the call (this section is from my normal install where /tmp is mounted because I didn't feel like installing strace on the debian image).

null root # touch /tmp/a
null root # touch /a
filoseta@null filoseta $ strace unlink /tmp/a
execve("/bin/unlink", ["unlink", "/tmp/a"], ) = 0
uname({sys="Linux", node="null", ...})  = 0
brk(0)                                  = 0x804c000
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=27488, ...}) = 0
mmap2(NULL, 27488, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ]\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1305020, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001c000
mmap2(NULL, 1243204, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001d000
mmap2(0x40147000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x129) = 0x40147000
mmap2(0x4014a000, 10308, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4014a000
close(3)                                = 0
munmap(0x40015000, 27488)               = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\272)\210\212\233\244\361s\2761%\270\313\245/\311\372\364"..., 32) = 32
close(3)                                = 0
brk(0)                                  = 0x804c000
brk(0x806d000)                          = 0x806d000
brk(0)                                  = 0x806d000
unlink("/tmp/a")                        = 0
exit_group(0)                           = ?
filoseta@null filoseta $
filoseta@null filoseta $
filoseta@null filoseta $
filoseta@null filoseta $ strace unlink /a
execve("/bin/unlink", ["unlink", "/a"], ) = 0
uname({sys="Linux", node="null", ...})  = 0
brk(0)                                  = 0x804c000
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=27488, ...}) = 0
mmap2(NULL, 27488, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ]\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1305020, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001c000
mmap2(NULL, 1243204, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001d000
mmap2(0x40147000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x129) = 0x40147000
mmap2(0x4014a000, 10308, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4014a000
close(3)                                = 0
munmap(0x40015000, 27488)               = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\272\221S\0046\230\t\343\217\257d$\2~\306\367\370\266\260"..., 32) = 32
close(3)                                = 0
brk(0)                                  = 0x804c000
brk(0x806d000)                          = 0x806d000
brk(0)                                  = 0x806d000
unlink("/a")                            = -1 EACCES (Permission denied)
write(2, "unlink: ", 8unlink: )                 = 8
write(2, "cannot unlink `/a\'", 18cannot unlink `/a')     = 18
write(2, ": Permission denied", 19: Permission denied)     = 19
write(2, "\n", 1
)                       = 1
exit_group(1)                           = ?

I would be much obliged if someone could point out the stupid error I am making. The filesystem in question is just a standard ext3 partion created in the disk images section and attached to the two profiles, no associated fstab line existed in the debian install. On my regular image I have tried changing my default line from defaults,noatime,nosuid,noexec,nodev,usrquota to just defaults,noatime and remounting to no avail.