On Sun, Jan 04, 2004 at 05:58:08AM +0200, Erno Kuusela wrote:
> | Shouldn't it be better if the code used in removal.c was re-used in
>
> after turning my brain on i remember what my original point about
> needing to use fchmod was... the usual way to upgrade binaries in unix
> is to use link() or rename() to replace them atomically. there also you
> can use fchmod to change the permissions of the old inode (which might
> still have other links). if you just chmod the setuid bit away before doing
> the replacement, there's a window of time where you have a nonfunctional
> binary in place.

Notice that my proposal is to chmod the setuid bit just before it's unlinked
in the dpkg code. When a binary is substituted it's first renamed (link/rename)
and then removed. The chmod bit should be removed before the file itself is
removed IMHO; that shouldn't result in having a nonfunctional binary.

Regards

Javi
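The ordering discussed in this message (atomic rename first, then clearing the setuid bit on the old inode with fchmod() before its last name is unlinked), as an added example that is not part of the original e-mail and is not dpkg's code. The function names, the temporary directory and the file names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not dpkg code. Atomically replaces `path` with `newpath`,
 * then clears setuid/setgid on the OLD inode before its last packaged name
 * (`backup`) is unlinked. Returns 0 on success, -1 on error. */
int replace_and_defuse(const char *path, const char *newpath, const char *backup)
{
    struct stat st;
    int rc = -1, fd = open(path, O_RDONLY | O_NOFOLLOW); /* pin the old inode */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && link(path, backup) == 0) {
        /* rename() is atomic: `path` names a working binary at every instant. */
        if (rename(newpath, path) == 0) {
            /* fchmod() acts on the inode, so hard links made elsewhere lose the bits. */
            mode_t safe = st.st_mode & 07777 & ~(mode_t)(S_ISUID | S_ISGID);
            rc = fchmod(fd, safe) == 0 ? 0 : -1;
        }
        unlink(backup); /* drop the old inode's packaged name last */
    }
    close(fd);
    return rc;
}

/* Constructed scenario: `stray` is a hard link a local user made to the old setuid
 * binary. Returns 0 when the new file keeps its setuid bit and the stray link lost it. */
int demo(void)
{
    char dir[] = "/tmp/defuseXXXXXX", bin[64], repl[64], bak[64], stray[64];
    struct stat nb, ob;
    if (!mkdtemp(dir)) return -1;
    snprintf(bin, sizeof bin, "%s/prog", dir);
    snprintf(repl, sizeof repl, "%s/prog.dpkg-new", dir);
    snprintf(bak, sizeof bak, "%s/prog.dpkg-tmp", dir);
    snprintf(stray, sizeof stray, "%s/stray-link", dir);
    close(open(bin, O_CREAT | O_WRONLY, 0755));
    close(open(repl, O_CREAT | O_WRONLY, 0755));
    if (chmod(bin, 04755) || chmod(repl, 04755) || link(bin, stray) ||
        replace_and_defuse(bin, repl, bak) || stat(bin, &nb) || stat(stray, &ob))
        return -1;
    int ok = nb.st_ino != ob.st_ino && (nb.st_mode & S_ISUID)
             && !(ob.st_mode & S_ISUID) && access(bak, F_OK) != 0;
    unlink(bin); unlink(stray); rmdir(dir);
    return ok ? 0 : 1;
}
```

Because the mode change is applied through a descriptor opened before the rename, it cannot be redirected to the new binary by a pathname race, and the installed path never lacks its setuid bit.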