[Original text] chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory. When the original file is deleted or replaced, the link count can drop to 1, and chkstat then modifies the remaining file to use weaker permissions.
SUSE LINUX's permissions package contains a flaw that may lead to an unauthorized access control bypass. The issue is triggered when a malicious user creates a hardlink in certain world-writable directories before chkstat is run. chkstat then applies to the hardlink's target the permissions intended for the original file, resulting in a loss of confidentiality.
SUSE has released a patch to address this vulnerability. The flaw can also be mitigated with the following workaround: switch to the permission level 'secure' or 'paranoid' before any potentially malicious users can log in. Only the 'easy' level is vulnerable.
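
The following added example (not chkstat's source and not SUSE's patch) shows why a link-count test alone does not stop the hardlink trick described above: the hypothetical helper `careful_chmod` also refuses targets whose parent directory is group- or world-writable, and applies the mode through the file descriptor it inspected. It assumes a privileged caller, regular-file targets only, and checks just the immediate parent directory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not chkstat's code. Returns 0 when the mode was
 * applied, or a negative reason code when the target was refused. */
enum { REFUSE_OPEN = -1, REFUSE_TYPE = -2, REFUSE_NLINK = -3,
       REFUSE_PARENT = -4, REFUSE_CHMOD = -5 };

int careful_chmod(const char *path, mode_t mode)
{
    struct stat st, dst;
    char buf[PATH_MAX];
    int rc = 0;

    /* O_NOFOLLOW: do not follow a symlink planted as the final component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return REFUSE_OPEN;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        rc = REFUSE_TYPE;
    } else if (st.st_nlink != 1) {
        /* Another name shares this inode and would inherit the new mode. */
        rc = REFUSE_NLINK;
    } else {
        /* nlink == 1 is not enough: the name may be a leftover hardlink whose
         * original was deleted or replaced. Only trust it if untrusted users
         * could not have created it in this directory. A full check would
         * walk every path component, not just the parent. */
        snprintf(buf, sizeof buf, "%s", path);
        if (stat(dirname(buf), &dst) != 0 ||
            (dst.st_mode & (S_IWGRP | S_IWOTH)) ||
            (dst.st_uid != 0 && dst.st_uid != st.st_uid))
            rc = REFUSE_PARENT;
        /* fchmod acts on the inspected inode, not on whatever the path
         * names by the time the call runs. */
        else if (fchmod(fd, mode) != 0)
            rc = REFUSE_CHMOD;
    }
    close(fd);
    return rc;
}
```
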