I looked at the cobbler code and see:
if self.distro == "ubuntu" or self.distro == "debian":
self.hardlink = "/usr/bin/hardlink"
self.hardlink_args = "-f -p -o -t -v /var/www/cobbler/ks_mirror
/var/www/cobbler/repo_mirror"
else:
self.hardlink = "/usr/sbin/hardlink"
self.hardlink_args = "-c -v /var/www/cobbler/ks_mirror
/var/www/cobbler/repo_mirror"
self.hardlink_cmd = "%s %s" % (self.hardlink, self.hardlink_args)
I asked Dave about the ownership of /var/www/cobbler and
/var/www/cobbler/* and they are all root:root. As such, cobbler is using
hardlink in a safe enough manner (ie, if root is mucking around with
this stuff, you have bigger problems than cobbler's use of hardlink).
ACK from security team.
** Changed in: hardlink (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Dave Walker (davewalker)
** Changed in: hardlink (Ubuntu)
Assignee: Dave Walker (davewalker) => (unassigned)
** Changed in: hardlink (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/961778
Title:
[MIR] hardlink
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hardlink/+bug/961778/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
