Silly 'script' hardlink bug

[Marco van Berkum <m.v.berkum () obit nl>]

Hi,
I found this, small bug, you might like it :)
tested on a slackware linux.

/*
-------------------------------------------------------
Title: Silly hardlink vulnerability in 'script' command
Software Author: yet unknown
Bug found by: Marco van Berkum (m.v.berkum () obit nl)
Date: 12-12-2001
Priority: low
-------------------------------------------------------

Script command
--------------
The script command which is part of the util-linux
package contains a silly hardlink vulnerability which
could overwrite any file on the harddisk. Script is a
tool to save terminal sessions for later reference.
By default script creates a file called typescript
for its log.

The problem
-----------
Very simple, script (when executed as root) overwrites
hardlinks that could be set by any user to any file on
the harddisk. For instance, a malicious user can place
a hardlink 'typescript' to /etc/passwd (or any other file)
in his home directory. If the root user would execute
script in that directory it would cause script to
overwrite that file. Script does check for symlinks and
asks if the symlink should be overwritten, it lacks
checking hardlinks.

Priority
--------
Low, its not likely that root users execute script
in a user's home directory. They could though, its
a minor problem that must be fixed for that reason.

Author
------
Still looking for the correct person

*/

just my 2 cents,
Marco van Berkum
--
GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w---
O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D----
G++ e- h+ r y*
+---------------------+------------------+-------------------+
|  Marco van Berkum   |   MB17300-RIPE   | Security Engineer |
|  http://ws.obit.nl  | "Chernobyl used  | Network Admin     |
|  m.v.berkum () obit nl |     Windows"     |      UNIX         |
+---------------------+------------------+-------------------+