RPM

Comment 11 for bug 634183

In , Jeff (jeff-redhat-bugs) wrote :

OK, so no CVE for POSIX ACLs because "rpm never sets them".

So let's move to SELinux XATTRs attached to Malicious Mark's
hardlinked inode after RPM has done unlink(2).

RPM most definitely sets SELinux xattrs on files.

Show me the CVE for XATTRs or the reasoning why SELinux XATTRs should
not _ALSO_ be not disputed as unworthy of a CVE.

Please note that capabilities and setuid/setgid proceed immediately
after hearing your response to SELinux XATTRs.

And you _REALLY_ need to look carefully at doing a CVE for
    Name: foo;~
vulnerabilities instead of hardlink side effects.