Date: Thu, 29 Jan 1998 19:31:39 -0300 From: Solar Designer <solar@FALSE.COM> Subject: Secure Linux patch To: BUGTRAQ@NETSPACE.ORG Hello, > mkdir /tmp/foo (no sticky bit on foo) > ln /etc/passwd /tmp/foo > mv /tmp/{foo/,}passwd Thanks for reporting this. A stupid problem, I should have thought a bit more of things like this. ;-) I wonder why noone reported it earlier... I wasn't going to release my new patch right now, but since I would have to release a fix anyway, ...here goes the full thing. You can get my new Secure Linux patch at: http://www.false.com/security/linux/secure-linux.tar.gz ftp://ftp.dataforce.net/pub/solar/secure-linux.tar.gz Features: * Non-executable user stack area * Link-in-/tmp fix (fixed;-) * Restricted /proc (extra functionality compared to original route's patch) * Improved securelevel support (finally really secure, and extra features) * Unofficial bugfixes (hope I'll be able to remove them when 2.0.34 is out) Signed, Solar Designer