Bug 156020 - rpm updates leave hardlinked copies untouched.
rpm updates leave hardlinked copies untouched.
Product: Fedora Legacy
Classification: Retired
Component: rpm (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
: FutureFeature, Patch
Depends On:
  Show dependency treegraph
Reported: 2005-04-26 14:03 EDT by Matthew Miller
Modified: 2007-04-18 13:24 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-12 21:02:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matthew Miller 2005-04-26 14:03:19 EDT
+++ This bug was initially created as a clone of Bug #125517 +++

Reported by Michael Schröder:

If a malicious creates a hardlink to a buggy s-bit program the 
system is still compromised even after a fixed version has been 
installed. The attached fix removes the s-bits from files that 
get updated.

Note that bug #125517 has a patch.
Comment 1 Jeff Johnson 2005-11-04 08:11:33 EST
I'm not authorized to view bug #125517, sigh.

Either mail the patch to me or <rpm-devel@lists.dulug.duke.edu> and
I will include in rpm.
Comment 2 Matthew Miller 2005-11-04 08:17:39 EST
I added you to the CC list of that bug; not sure if this bugzilla is set up so
that helps, but I presume it does.
Comment 3 Jeff Johnson 2005-11-12 21:02:07 EST
Patch added in rpm-4.4.3

Note You need to log in before you can comment on or make changes to this bug.