Andrew Pimlott <andrew@pimlott.net> wrote:

> > > If he is smart, he will check whether the file is open (e.g. with fuser)
> > Not really. The file does not have to be open to be present in the system.
> > It is perfectly possible to leave a dangling root-owned file several
> > times,
> Correct, but: the admin should still verify that it is not open
> before deleting it (in his cron job).

As long as there is no atomic "check-if-file-is-open-and-if-not-delete-it"
this just makes exploitation harder by introducing another race condition.

CU, Andy

--
= Andreas Beck | Email : <becka@bedatec.de> =
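The non-atomic check-then-delete discussed in this message, as an added example that is not part of the original thread: a cron-style cleanup whose fuser-like check is correct when it runs and stale by the time of the unlink. It assumes Linux `/proc`; `holders`, `cleanup`, `demo` and the `between` hook are hypothetical names, and the files are constructed temp files.

```python
import os
import tempfile

def holders(path):
    """PIDs holding path's inode open, found by scanning /proc/<pid>/fd
    (roughly what fuser does on Linux); unreadable processes are skipped."""
    target = os.stat(path)
    pids = set()
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = f"/proc/{pid}/fd"
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited or belongs to another user
        for fd in fds:
            try:
                if os.path.samestat(os.stat(f"{fd_dir}/{fd}"), target):
                    pids.add(int(pid))
            except OSError:
                pass  # descriptor closed while we were scanning
    return pids

def cleanup(path, between=lambda: None):
    """Cron-style cleanup: unlink only if the check found no open handle.
    `between` is a hypothetical hook standing in for whatever else runs
    on the system between the check and the unlink."""
    if holders(path):
        return "skipped"
    between()        # the check result is already stale here
    os.unlink(path)
    return "deleted"

def demo():
    """Run cleanup on constructed temp files, once with the file opened
    before the check and once with it opened inside the gap."""
    d = tempfile.mkdtemp()
    early, late = os.path.join(d, "early"), os.path.join(d, "late")
    for p in (early, late):
        open(p, "w").close()
    fd_early = os.open(early, os.O_RDONLY)
    r_early = cleanup(early)                    # check sees the handle
    fds = []
    r_late = cleanup(late, lambda: fds.append(os.open(late, os.O_RDONLY)))
    survived = os.fstat(fds[0]).st_ino > 0      # inode still reachable via fd
    name_gone = not os.path.exists(late)
    os.close(fd_early)
    os.close(fds[0])
    return r_early, r_late, name_gone, survived

if __name__ == "__main__":
    print(demo())
```

In the second case the cleanup reports success and the name is gone, yet the handle opened in the gap still refers to the live inode, which is the outcome the check was meant to rule out.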