Description of problem: Miklos Szeredi reported that splice() to files opened with O_APPEND are ignored, which allows users to bypass the append-only restriction.
Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f
Created attachment 320167 [details] Upstream patch for this issue
Reference: http://article.gmane.org/gmane.comp.security.oss.general/1048
Created attachment 320170 [details] Proposed backport patch for realtime kernel
MRG: patch added to kernel -85
kernel-2.6.26.6-49.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via: Red Hat Enterprise Linux version 5 (RHSA-2008:1017) MRG Realtime for RHEL 5 Server (RHSA-2009:0009)