Paul Eggert <[EMAIL PROTECTED]> wrote: >> I think his point is that the cracker managed to keep a setuid link to her >> target binary in the system despite that administrator had attempted to >> replace it. > > Ah, thanks, yes, that explains it. That is a good argument for having > the default be to not break destination hard links. > > Not breaking links has the disadvantage that the installed file is > temporarily not executable, but the current code already has that > problem.
The proposed change has another disadvantage. If we don't break destination hard links, then we must write directly to the destination file, and that cannot be done atomically. This would definitely have security implications, so we can't change GNU install's default. _______________________________________________ Bug-coreutils mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-coreutils
