Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261226AbTKXVQe (ORCPT ); Mon, 24 Nov 2003 16:16:34 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261262AbTKXVQe (ORCPT ); Mon, 24 Nov 2003 16:16:34 -0500 Received: from fw.osdl.org ([65.172.181.6]:45781 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S261226AbTKXVQd (ORCPT ); Mon, 24 Nov 2003 16:16:33 -0500 Date: Mon, 24 Nov 2003 13:16:30 -0800 (PST) From: Linus Torvalds To: Andy Lutomirski cc: linux-kernel@vger.kernel.org Subject: Re: hard links create local DoS vulnerability and security problems In-Reply-To: <3FC27019.7010402@myrealbox.com> Message-ID: References: <3FC27019.7010402@myrealbox.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 696 Lines: 22 On Mon, 24 Nov 2003, Andy Lutomirski wrote: > > Right... but non-privileged users _can't_ delete these extra links, even > if they notice them from the link count. And non-idiots do make > security errors -- they just fix them. But in this case, fixing the > error after the fact may be impossible without root's help. Just do chmod ug-s file and you're done. If you delete the file first, you'll need roots help, but hey, be careful. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/