On Sat, Jan 19, 2008 at 08:57:10PM +0100, Otto Moerbeek wrote: | On Sat, Jan 19, 2008 at 10:27:25AM -0800, Ted Unangst wrote: | | > On 1/18/08, bofh <[EMAIL PROTECTED]> wrote: | > > I think he means sshd. And it really doesn't matter, once you make install, | > > you'll overwrite the vulnerable copy with the new one, and all the hardlinks | > > won't matter, because they'd be linked to the new file. | > | > except that they won't. the point of a hard link is it points to the | > file, not the name. it's not a symlink. | | install(1) truncates and overwrites existing files, so the old end new | file will have the same inode, iirc.
$ echo apple > a $ echo banana > b $ ls -i 2895709 a 2895710 b $ install a b $ ls -i 2895709 a 2895711 b So it seems that b is unlinked before a is installed in its place. This looks like it's not consistent with what the manpage says it does : If the target file already exists, it is either renamed to file.old if the -b option is given or overwritten if permissions allow. 'Overwritten' sounds more like what Otto said than the behaviour I'm seeing. Cheers, Paul 'WEiRD' de Weerd -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/