Hi, There's a Linux kernel patch floating on the net, and now has been published in Phrack, that is supposed to make /tmp directories more secure. In particular, it claims to keep users from creating hard links in +t directories. However the patch does not protect the rename call, so the following should give you a hardlink to passwd in /tmp: mkdir /tmp/foo (no sticky bit on foo) ln /etc/passwd /tmp/foo mv /tmp/{foo/,}passwd Cheers Olaf
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:41:07 PDT