-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Boyd Stephen Smith Jr. wrote: > What about hardlinking the suid-root binaries to a hidden location, waiting > for a security hole to be found/fixed, and then running the old binary to > exploit the hole?
IIRC, a hard link is the same file called two different names. If dpkg/apt change the file in one location (security update), the other one will be changed as well [1]... You'd have to *copy* the hard linked file, but that would still not allow you to copy it back later or to retain it's suid properties. Am I missing something? Johannes [1] http://en.wikipedia.org/wiki/Hard_link -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklw0fkACgkQC1NzPRl9qEXaKACfX8VfBxpZsSH7Lf0HAGC9JL4b 298AoIAqW+BtPtRZ6wZvT37t4zujq3a0 =rOKy -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
