Bug 156020 - rpm updates leave hardlinked copies untouched.
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: rpm
Version: fc2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
Reported: 2005-04-26 18:03 UTC by Matthew Miller
Modified: 2007-04-18 17:24 UTC (History)

Doc Type: Enhancement
Last Closed: 2005-11-13 02:02:41 UTC

Description Matthew Miller 2005-04-26 18:03:19 UTC
+++ This bug was initially created as a clone of Bug #125517 +++

Reported by Michael Schröder:

If a malicious user creates a hardlink to a buggy s-bit program, the
system is still compromised even after a fixed version has been
installed. The attached fix removes the s-bits from files that
get updated.

Note that bug #125517 has a patch.
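
The behaviour described above and the mitigation it names (clearing the s-bits on the old file before it is replaced), as an added example that is not the rpm patch or any code from this bug. It assumes the updater installs a file by writing a temporary copy and renaming it over the destination; the file names and helper functions are hypothetical.

```python
import errno
import os
import stat
import tempfile

SBITS = stat.S_ISUID | stat.S_ISGID


def strip_sbits(path):
    """Clear setuid/setgid on the inode behind path, so every hardlink loses them."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        if exc.errno in (errno.ENOENT, errno.ELOOP):  # missing, or a symlink
            return
        raise
    try:
        st = os.fstat(fd)
        if stat.S_ISREG(st.st_mode) and st.st_mode & SBITS:
            os.fchmod(fd, stat.S_IMODE(st.st_mode) & ~SBITS)
    finally:
        os.close(fd)


def replace_file(dest, new_bytes, new_mode, mitigate):
    """Assumed update model: write a temp file, then rename it over dest."""
    if mitigate:
        strip_sbits(dest)
    tmp = dest + ".tmp-update"
    with open(tmp, "wb") as fh:
        fh.write(new_bytes)
    os.chmod(tmp, new_mode)
    os.replace(tmp, dest)  # dest now names a new inode; the old one survives via links


def demo(mitigate):
    """Constructed scenario: 'stash' is a hardlink made before the update."""
    with tempfile.TemporaryDirectory() as d:
        prog, stash = os.path.join(d, "prog"), os.path.join(d, "stash")
        with open(prog, "wb") as fh:
            fh.write(b"old build\n")
        os.chmod(prog, 0o4755)
        os.link(prog, stash)
        replace_file(prog, b"fixed build\n", 0o4755, mitigate)
        st = os.stat(stash)
        with open(stash, "rb") as fh:
            old = fh.read()
        return {"stash_content": old, "stash_has_sbit": bool(st.st_mode & SBITS),
                "same_inode": st.st_ino == os.stat(prog).st_ino}
```

In both runs the hardlink keeps the old contents, because the rename only rebinds the destination name; only the run with `mitigate=True` leaves it without the s-bits.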

Comment 1 Jeff Johnson 2005-11-04 13:11:33 UTC
I'm not authorized to view bug #125517, sigh.

Either mail the patch to me or <rpm-devel.duke.edu> and
I will include it in rpm.

Comment 2 Matthew Miller 2005-11-04 13:17:39 UTC
I added you to the CC list of that bug; not sure if this bugzilla is set up so
that helps, but I presume it does.

Comment 3 Jeff Johnson 2005-11-13 02:02:07 UTC
Patch added in rpm-4.4.3

