[release-notes] hardlinks and symlinks are protected!
Pete Travis
immanetize at fedoraproject.org
Sun May 12 17:50:10 UTC 2013
commit 54560523d6afb2f3f87e8ca8350c0fba879e0869
Author: Pete Travis <immanetize at fedoraproject.org>
Date: Sun May 12 11:10:37 2013 -0600
hardlinks and symlinks are protected!
en-US/Security.xml | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
---
diff --git a/en-US/Security.xml b/en-US/Security.xml
index 60710f2..c9d26ac 100644
--- a/en-US/Security.xml
+++ b/en-US/Security.xml
@@ -6,6 +6,21 @@
<section>
<title>Security</title>
<para />
+ <section>
+ <title>Hardlink and symlink restrictions</title>
+ <para>
+ A long-standing class of security issues is the link based time-of-check-time-of-use race, most commonly seen in world writable directories like <filename>/tmp</filename>. The common method of exploitation of this flaw is to cross privilege boundaries when following a given link, such as when a root process follows a link belonging to another user. In Fedora &PRODVER;, we permit links to only be followed when outside a sticky world-writable directory, or when the uid of the link and follower match, or when the directory owner matches the link's owner. In previous releases, this was enforced by <function>SELinux</function> policy and in this release, the restrictions are enabled by <function>sysctl</function> settings in <filename>/usr/lib/sysctl.d/00-system.conf</filename> as an additional layer of protection:
+ <screen>
+ fs.protected_hardlinks = 1
+ fs.protected_symlinks = 1
+ </screen>
+ </para>
+ <para>
+ Refer to <ulink url="http://lwn.net/Articles/503660/" /> and <ulink url="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7" /> for more detailed information about this change.
+ </para>
+ </section>
+
+
</section>
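Review bot: The new paragraph under "Hardlink and symlink restrictions" explains only when symlinks may be followed, yet the screen block also sets fs.protected_hardlinks = 1 and nothing in the text says what that setting restricts. Add a sentence stating the hardlink creation rule, taken from the linked kernel commit, so that both sysctl values are documented. In the same paragraph, `<function>SELinux</function>` and `<function>sysctl</function>` apply function markup to things that are not functions; `<application>` and `<command>` would fit better. The phrase "we permit links to only be followed when" would read more clearly as "symlinks are followed only when", "link based" should be hyphenated, and the two empty added lines before the closing `</section>` can be dropped.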