> You are operating here outside of /tmp (sticky world-writable
> directory) which the above issue for the init scripts relies on,
> right? fs.protected_(hardlinks|symlinks) is exactly a hardening for
> those issues:
I see: the kernel now treats things in /tmp (with sticky bit
permissions) differently from other places (without "weird"
permissions). Thanks for pointing this out for me!
(I never noticed this change...)
Then I agree that this issue is not exploitable in default Debian,
no need for DSA. (Sorry about the noise.)
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia