Michael Orlitzky <m...@gentoo.org> wrote: > > The fact that all permission and ownership information is shared is > precisely the problem. When you change ownership of the hardlink (which > you'll never know is a hardlink), you change ownership of /etc/shadow.
Why should this be a problem except for a race between reading and changing the ownership? Admittedly, by using "find ... -exec ... +" the time for an exploit of the race is even increased when a "standard" chown command is used. However, it is no rocket science to write a race-free chown command in C: Just open the file and use stat() and fchown() to be sure to change only files from the "correct" user. Since this works on the filehandle and not on the filename, I think that there is no possibility for an exploit when this is used in the above find loop.
