Re: hard links on Linux create local DoS vulnerability and security problems

[Seth Breidbart <sethb () panix com>]

> I think that your observation of the ability to keep a security hole open is
> very interesting, but, fortunately, it should be moot.

Even if not, it's easily avoidable: when you replace a setuid program,
truncate the existing file first, then chmod 000, then delete it.

The security hole only remains if you merely delete it.

Seth

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html