bug-coreutils

Re: install.c: please set unlink_dest_before_opening=false


From: Jim Meyering
Subject: Re: install.c: please set unlink_dest_before_opening=false
Date: Thu, 01 Mar 2007 11:46:09 +0100

Paul Eggert <address@hidden> wrote:
>> I think his point is that the cracker managed to keep a setuid link to her
>> target binary in the system despite that administrator had attempted to
>> replace it.
>
> Ah, thanks, yes, that explains it.  That is a good argument for having
> the default be to not break destination hard links.
>
> Not breaking links has the disadvantage that the installed file is
> temporarily not executable, but the current code already has that
> problem.

The proposed change has another disadvantage.

If we don't break destination hard links, then we must write
directly to the destination file, and that cannot be done atomically.
This would definitely have security implications, so we can't
change GNU install's default.
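
The trade-off discussed in this message, as an added example (not part of the original thread and not code from install.c): one helper replaces a destination by unlinking it first, the other writes through the existing file, and each reports what a pre-existing hard link sees afterwards. The temporary paths and the names `put` and `old_copy_survives` are constructed for illustration; ordinary files stand in for the installed binary.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Open path with the given flags and write data; 0 on success. */
static int put(const char *path, int flags, const char *data)
{
    int fd = open(path, flags, 0755);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t) strlen(data) ? 0 : -1;
}

/* Replace "dest" while a second hard link "alias" to the old file exists.
   Returns 1 if alias still holds the old content, 0 if not, -1 on error. */
int old_copy_survives(int unlink_first)
{
    char dir[] = "/tmp/linkdemoXXXXXX", dest[64], alias[64], buf[8] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(dest, sizeof dest, "%s/dest", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    int rc = -1;
    if (put(dest, O_WRONLY | O_CREAT | O_EXCL, "old") == 0 && link(dest, alias) == 0) {
        if (unlink_first) {   /* breaks links: dest becomes a new inode */
            unlink(dest);
            rc = put(dest, O_WRONLY | O_CREAT | O_EXCL, "new");
        } else {              /* same inode: readers can see a truncated file */
            rc = put(dest, O_WRONLY | O_TRUNC, "new");
        }
        int fd = open(alias, O_RDONLY);
        if (rc == 0 && fd >= 0 && read(fd, buf, 3) == 3)
            rc = strcmp(buf, "old") == 0;
        else rc = -1;
        if (fd >= 0) close(fd);
    }
    unlink(dest); unlink(alias); rmdir(dir);
    return rc;
}

int main(void)
{
    printf("unlink first: %d, write through: %d\n", old_copy_survives(1), old_copy_survives(0));
    return 0;
}
```

With unlink-first the other link keeps the old inode and its contents; with write-through every link shows the new content, but the file passes through an empty state between the truncation and the write.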



