On Wed, Feb 18, 2004 at 01:59:37PM +0100, Javier Fernández-Sanguino Peña wrote:
That is, of course, if the partitions in the system have not been setup properly.
What "properly"? Use a symlink instead of a hard link, you get the same result but with a different race. Or use the old "make a deep directory tree then move it out of the way" trick. There are a lot of races and the bad guy only has to win one. As a matter of fact coreutils is eliminating a lot of these but it's bad to rely on having the latest & greatest version, and even the latest in greatest there are certain operations that might be problematic.
I assumed they were ok, he _did_ say that he was changing file permissions and owners manually.
manually is a somewhat different beast than automatically. There are some tricks to play to leave a process waiting for someone to execute this sort of command an exploit it, but it's a lot easier (and more reliable) to exploit something running out of a cron job. (Because you can try over and over until you get it right.) Mike Stone
