Author: JT Smith
Linus: “2.4.11 had a fix for a symlink DoS attack, but sadly that fix broke the
creation of files through a dangling symlink rather badly (it caused the
inode to be created in the very same inode as the symlink, with unhappy
end results).”
creation of files through a dangling symlink rather badly (it caused the
inode to be created in the very same inode as the symlink, with unhappy
end results).”
Uhhuh.. 2.4.12 Date: Thu, 11 Oct 2001 01:04:49 -0700 (PDT) From: Linus TorvaldsTo: Kernel Mailing List 2.4.11 had a fix for a symlink DoS attack, but sadly that fix broke the creation of files through a dangling symlink rather badly (it caused the inode to be created in the very same inode as the symlink, with unhappy end results). Happily nobody uses that particular horror - or _almost_ nobody does. It looks like at least the SuSE installer (yast2) does, which causes a nasty unkillable inode as /dev/mouse if you use yast2 on 2.4.11. ("debugfs -w rootdev" + "rm /dev/mouse" will remove it, although I suspect there are other less drastic methods too if your fsck doesn't seem to notice anything wrong with it. Only one report of this actually happening so far). So I made a 2.4.12, and renamed away the sorry excuse for a kernel that 2.4.11 was. Linus ----- final: - Greg KH: USB update (fix UHCI timeouts, serial unplug) - Christoph Rohland: shmem locking fixes - Al Viro: more mount cleanup - me: fix bad interaction with link_count handling - David Miller: Sparc updates, net cleanup - Tim Waugh: parport update - Jeff Garzik: net driver updates
Category:
- Linux
