> The author said they have done a backup of the password file :)
> That's true. The file now have two links point to it. You have to remove
> all the links to the file now.
>
> Allowing any user to create hard links to files not owned and readable
> by them create security risks, not just privacy
Vào Th 5, 24 thg 10, 2024 vào lúc 19:59 Janne Johansson
đã viết:
>
> > On Thu, Oct 24, 2024 at 11:36:17AM +0200, Janne Johansson wrote:
> > > > >Description:
> > > > On a same filestem, /tmp or /var in www pages perhaps or
> > > > perhaps even / if they get that deep,
> > > > th
> On Thu, Oct 24, 2024 at 11:36:17AM +0200, Janne Johansson wrote:
> > > >Description:
> > > On a same filestem, /tmp or /var in www pages perhaps or perhaps
> > > even / if they get that deep,
> > > the risk exists that a user can archive a file away even though
> > > they don't
On Thu, Oct 24, 2024 at 11:36:17AM +0200, Janne Johansson wrote:
> > >Description:
> > On a same filestem, /tmp or /var in www pages perhaps or perhaps
> > even / if they get that deep,
> > the risk exists that a user can archive a file away even though
> > they don't have permiss
> >Description:
> On a same filestem, /tmp or /var in www pages perhaps or perhaps even
> / if they get that deep,
> the risk exists that a user can archive a file away even though they
> don't have permissions
> to that file. It allows at least a "backup" of non-user own
>Synopsis: Any luser can make a hardlink to a file not owned by them
>Category: system
>Environment:
System : OpenBSD 7.5
Details : OpenBSD 7.5 (GENERIC.MP) #2: Mon Sep 16 07:59:35 MDT 2024
r...@syspatch-75-arm64.openbsd.org:/usr/src/sys/
