On Mon, Dec 04, 2000 at 04:33:00PM +0100, Paul Slootman wrote: > I would consider the problem here to lie in the fact that any user can > link a setuid file. (I was most surprised when I discovered this; > I would have expected that I could not link a non-writable file that > doesn't have my UID as owner; after all, I'm changing things in the > file's inode (number of links).) There's nothing privileged about the inode data structure generally; after all, atime is in there as well. -- G. Branden Robinson | Experience should teach us to be most on Debian GNU/Linux | our guard to protect liberty when the branden@debian.org | government's purposes are beneficent. http://www.debian.org/~branden/ | -- Louis Brandeis
Attachment:
pgp9iulo2ZleX.pgp
Description: PGP signature