On 2/20/07, Paul Eggert <[EMAIL PROTECTED]> wrote:
> POSIX makes no requirement. Other implementations are all over the map here, so I suppose we can do what is more convenient. On Solaris 10, /usr/ucb/install breaks the destination link, and /usr/sbin/install does not break it. Traditionally, coreutils has tried to be BSD-compatible, which argues for the current behavior. Has BSD behavior changed? (I took a quick look at the FreeBSD source code for what it does, and quickly became bewildered. :-)
The behaviour you are describing for /usr/sbin/install is probably more secure. Picture this:

* Start with a vanilla multiuser Unix system, with a number of setuid binaries
* Wait a short time
* Will E. Hacker comes along and makes hard links to all the setuid binaries in (say) / and /usr. This obviously requires a hacker-writable directory on the same filesystem. He records the resulting link counts of the relevant inodes.
* Wait a short time
* The system administrator applies a security update to a setuid binary
* The hacker performs a periodic check, and notices that the link count on his 'saved' hard link has fallen
* The hacker now has access to a setuid binary which he knows has a security problem. A websearch will probably reveal an exploit.

(This observation is due I think to Rob Holland).

James.

_______________________________________________
Bug-coreutils mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-coreutils
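The two update behaviours discussed in this thread, compared in a sandbox together with a link-count audit, as an added example that is not part of the original messages. The file names `tool` and `saved`, the function names, and the use of a harmless data file in a temporary directory in place of a real setuid binary are all assumptions made for illustration.

```python
import os, stat, tempfile

SETID = stat.S_ISUID | stat.S_ISGID

def update_in_place(path, data):
    # Rewrite the existing inode: every hard link sees the new content.
    with open(path, "wb") as f:
        f.write(data)

def update_by_replace(path, data):
    # Unlink, then create a new inode: other links keep the old content.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.unlink(path)
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)

def find_multilinked_setid(root):
    # Audit: set-id regular files that are reachable under more than one name.
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID and st.st_nlink > 1:
                hits.append((p, st.st_nlink))
    return sorted(hits)

def demo(update):
    # Constructed sandbox: a data file stands in for the setuid binary.
    with tempfile.TemporaryDirectory() as root:
        for d in ("bin", "tmp"):
            os.makedirs(os.path.join(root, d))
        tool = os.path.join(root, "bin", "tool")
        saved = os.path.join(root, "tmp", "saved")
        with open(tool, "wb") as f:
            f.write(b"v1")
        os.chmod(tool, 0o4755)
        os.link(tool, saved)            # the extra name from the scenario
        flagged = find_multilinked_setid(root)
        update(tool, b"v2")             # stands in for the security update
        with open(saved, "rb") as f:
            stale = f.read()
        return {"flagged_before": len(flagged),
                "saved_content": stale,
                "saved_nlink": os.lstat(saved).st_nlink}

if __name__ == "__main__":
    for fn in (update_in_place, update_by_replace):
        print(fn.__name__, demo(fn))
```

The audit only helps when it runs before an update: after a replace-style install, the stale copy has a link count of 1 and no longer stands out by link count. On Linux, the `fs.protected_hardlinks` sysctl prevents users from hard-linking files they do not own, which closes off the first step of the scenario.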
