On 02/10/2017 11:18 AM, Mike Crowe wrote:
- if (link_failed && replace && errno == EEXIST) + while (link_failed && replace && errno == EEXIST)
This could cause 'cp -f' to loop forever, if an attacker keeps creating hard links. Is this a new vulnerability? I don't recall any other way that copying from a finite source could take forever.
One possible solution would be to loop for just a few times, and then give up with a diagnostic.
