>The attack is to hardlink some tempfile name to some file you want >over-written. This usually involves just a little bit of work, such as >recognizing that a given root cronjob uses an unsafe predictable filename >in /tmp (look at the Bugtraq or Full-Disclosure archives, there's plenty). >Then you set a little program that sleep()s till a few seconds before >the cronjob runs, does a getpid(), and then sprays hardlinks into the >next 15 or 20 things that mktemp() will generate...
Got it. Very good -- now I see. Thanks for the explanation. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
