On 12/20/2017 04:43 PM, Michael Orlitzky wrote: > When calling chown recursively, there is an "obvious" race condition > that is handled correctly... > > Can we screw things up by dereferencing symlinks? I think so. The main > idea is to use a symlink that points "up" to mess up the order, and then > to exploit the aforementioned race condition.
Does anyone mind if I reserve a CVE for this?
