> Date: Wed, 11 Dec 1996 13:30:55 +0100 (MET)
> From: Harald Koenig <koenig@tat.physik.uni-tuebingen.de>
> To: Thomas.Koenig@ciw.uni-karlsruhe.de
> Cc: linux-kernel-list <linux-kernel@vger.rutgers.edu>
> Subject: Re: Proposal: restrict link(2)
>
>
> > If, however, /tmp/foo is a HARD link to /etc/passwd, chown("/tmp/foo",
> > uid, gid) will lead to the user owning /etc/passwd - not a desirable
> > thing, in general.
But, this does not happen, it is not permitted, as far as I can tell.
If there is a situation where you can actually do it, I think we should
let CERT know. I could not duplicate your scenario, except when running
as root. Can you?
> why is Joe Random Cracker allowed to make a hard link to /etc/passwd at all
> (or to any other file not owed by him) ?
You can make a link FROM any file you can read or copy. But the
owner and permissions are those of the original file. Umask and
setuid on the dir and sticky bit all appear to be irrelevant.
-- g-r-a-t-e-f-u-l-l-y---[ email:<fishbowl@conservatory.com> ]---l-i-v-i-n-g d-e-a-d-i-c-a-t-e-d---[ http://www.conservatory.com/~fishbowl ]-----l-i-g-h-t Q: How did you get into artificial intelligence? A: Seemed logical -- I didn't have any real intelligence.