install.bin in Makefile

(gert@greenie.muc.de)
Sun, 21 Sep 1997 00:08:02 +0200

Messages sorted by:[ date ][ thread ][ subject ][ author ]

Hi,
Marc SCHAEFER wrote:
> In article <60170v$2le$1@vulcan.alphanet.ch> you wrote:
> > Think about what will happen if someone creates a lock (which is a hard
> > link (!) to a file owned by "root") in that directory, and afterwards
> > tries to remove that lock file...
> 
> I do not understand, how is that a security risk ? The new hard link
> would be deleted, not the original root file, or ?

You *cannot* delete the file if the sticky bit is set.

If root owns the file, then the hard link will be owned by root as well.
If the t-bit is set, *only the owner of the file (=root)* can "rm" the
link...

Which was exactly why there was a *big* problem with locking in some 0.99
versions :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
           //www.muc.de/~gert/
Gert Doering - Munich, Germany      gert@greenie.muc.de
fax: +49-89-3545980     gert.doering@physik.tu-muenchen.de

.