Bug 156020

Summary: rpm updates leave hardlinked copies untouched.
Product: [Retired] Fedora Legacy
Reporter: Matthew Miller <mattdm>
Component: rpm
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED UPSTREAM
Severity: medium
Priority: medium
Version: fc2
CC: mattdm
Keywords: FutureFeature, Patch
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2005-11-13 02:02:41 UTC

Description Matthew Miller 2005-04-26 18:03:19 UTC
+++ This bug was initially created as a clone of Bug #125517 +++

Reported by Michael Schröder:

If a malicious user creates a hardlink to a buggy s-bit program the 
system is still compromised even after a fixed version has been 
installed. The attached fix removes the s-bits from files that 
get updated.

Note that bug #125517 has a patch.
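
The behaviour reported above, and the mitigation of clearing the s-bits on the old file before it is replaced, shown as an added example that is not rpm's patch or code from this bug. The file names, the `replace_file` and `multilink_sbit_files` helpers, and the temporary directory are constructed for illustration.

```python
import os
import stat
import tempfile

SBITS = stat.S_ISUID | stat.S_ISGID


def replace_file(old_path, new_path, strip_sbits):
    """Install new_path over old_path by rename, as a package update does."""
    if strip_sbits:
        st = os.lstat(old_path)
        if stat.S_ISREG(st.st_mode) and st.st_mode & SBITS:
            # Mode bits live in the inode, so every hardlink loses them too.
            os.chmod(old_path, stat.S_IMODE(st.st_mode) & ~SBITS)
    os.replace(new_path, old_path)


def multilink_sbit_files(root):
    """Audit: names of setuid/setgid regular files under root with >1 link."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISREG(st.st_mode) and st.st_mode & SBITS and st.st_nlink > 1:
                hits.append(name)
    return sorted(hits)


def demo(strip_sbits):
    """Return (audit before update, mode of the extra link after, its content)."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "pkgfile")      # constructed s-bit file
        new = os.path.join(root, "pkgfile.new")  # constructed fixed version
        link = os.path.join(root, "kept-copy")   # hardlink made before the update
        for path, body in ((pkg, b"old"), (new, b"fixed")):
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, 0o4755)
        os.link(pkg, link)
        before = multilink_sbit_files(root)
        replace_file(pkg, new, strip_sbits)
        with open(link, "rb") as fh:
            content = fh.read()
        return before, stat.S_IMODE(os.lstat(link).st_mode), content


if __name__ == "__main__":
    for strip in (False, True):
        print(strip, demo(strip))
```

The audit has to run before the update: once the package path is renamed onto the new inode, the leftover copy has a link count of 1 again and only its mode bits distinguish it.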

Comment 1 Jeff Johnson 2005-11-04 13:11:33 UTC
I'm not authorized to view bug #125517, sigh.

Either mail the patch to me or <rpm-devel.duke.edu> and
I will include it in rpm.

Comment 2 Matthew Miller 2005-11-04 13:17:39 UTC
I added you to the CC list of that bug; not sure if this bugzilla is set up so
that helps, but I presume it does.

Comment 3 Jeff Johnson 2005-11-13 02:02:07 UTC
Patch added in rpm-4.4.3