Red Hat Bugzilla – Bug 156020
rpm updates leave hardlinked copies untouched.
Last modified: 2007-04-18 13:24:22 EDT
+++ This bug was initially created as a clone of Bug #125517 +++
Reported by Michael Schröder:
If a malicious user creates a hardlink to a buggy s-bit program the
system is still compromised even after a fixed version has been
installed. The attached fix removes the s-bits from files that
Note that bug #125517 has a patch.
I'm not authorized to view bug #125517, sigh.
Either mail the patch to me or <firstname.lastname@example.org> and
I will include it in rpm.
I added you to the CC list of that bug; not sure if this bugzilla is set up so
that helps, but I presume it does.
Patch added in rpm-4.4.3
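
An added example, not part of the original bug report and not rpm's code: a pre-update audit that lists set-uid/set-gid regular files whose inode has more than one hardlink, the condition this bug describes. The function names and the constructed directory tree in `demo()` are assumptions made for illustration.

```python
import os, stat, tempfile
from collections import defaultdict

SBITS = stat.S_ISUID | stat.S_ISGID

def hardlinked_sbit_files(root):
    """Map (st_dev, st_ino) -> {"nlink", "paths"} for set-uid/set-gid regular
    files under root whose inode has more than one link."""
    found = defaultdict(lambda: {"nlink": 0, "paths": []})
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # vanished or unreadable entry
            if stat.S_ISREG(st.st_mode) and st.st_mode & SBITS and st.st_nlink > 1:
                entry = found[(st.st_dev, st.st_ino)]
                entry["nlink"] = st.st_nlink
                entry["paths"].append(path)
    return {k: {"nlink": v["nlink"], "paths": sorted(v["paths"])}
            for k, v in found.items()}

def links_outside_scan(report):
    """Inodes with more links than paths seen: another name exists elsewhere."""
    return {k: v for k, v in report.items() if v["nlink"] > len(v["paths"])}

def demo():
    """Constructed tree: one set-uid file with a second link in another directory."""
    with tempfile.TemporaryDirectory() as top:
        bindir, stash = os.path.join(top, "bin"), os.path.join(top, "stash")
        os.mkdir(bindir); os.mkdir(stash)
        prog = os.path.join(bindir, "prog")
        with open(prog, "w") as fh:
            fh.write("constructed placeholder, not a real binary\n")
        os.chmod(prog, 0o4755)                       # set-uid bit on our own file
        os.link(prog, os.path.join(stash, "copy"))   # second name, same inode
        whole = hardlinked_sbit_files(top)
        partial = links_outside_scan(hardlinked_sbit_files(bindir))
        return (len(whole), [len(v["paths"]) for v in whole.values()], len(partial))

if __name__ == "__main__":
    print(demo())
```

Scanning only the package's directory still reveals the extra link through `st_nlink`, even when the other name lives in a directory that was not scanned.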