|
From: | Paul Eggert |
Subject: | Re: install.c: please set unlink_dest_before_opening=false |
Date: | Sun, 25 Feb 2007 08:54:38 -0800 |
User-agent: | Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux) |
"James Youngman" <address@hidden> writes: > * The hacker now has access to a setuid binary which he knows has a > security problem. A websearch will probably reveal an exploit. Hackers don't need to inspect hard links to do that. They can simply compute the checksums of the standard executables, or even just look at their time stamps. So this argument is a weak one.
[Prev in Thread] | Current Thread | [Next in Thread] |