[release-notes] hardlinks and symlinks are protected!

Pete Travis immanetize at fedoraproject.org
Sun May 12 17:50:10 UTC 2013


commit 54560523d6afb2f3f87e8ca8350c0fba879e0869
Author: Pete Travis <immanetize at fedoraproject.org>
Date:   Sun May 12 11:10:37 2013 -0600

    hardlinks and symlinks are protected!

 en-US/Security.xml |   15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)
---
diff --git a/en-US/Security.xml b/en-US/Security.xml
index 60710f2..c9d26ac 100644
--- a/en-US/Security.xml
+++ b/en-US/Security.xml
@@ -6,6 +6,21 @@
 <section>
   <title>Security</title>
   <para />
+  <section>
+    <title>Hardlink and symlink restrictions</title>
+    <para>
+      A long-standing class of security issues is the link based time-of-check-time-of-use race, most commonly seen in world writable directories like <filename>/tmp</filename>. The common method of exploitation of this flaw is to cross privilege boundaries when following a given link, such as when a root process follows a link belonging to another user. In Fedora &PRODVER;, we permit links to only be followed when outside a sticky world-writable directory, or when the uid of the link and follower match, or when the directory owner matches the link's owner. In previous releases, this was enforced by <function>SELinux</function> policy and in this release, the restrictions are enabled by <function>sysctl</function> settings in <filename>/usr/lib/sysctl.d/00-system.conf</filename> as an additional layer of protection:
+      <screen>
+        fs.protected_hardlinks = 1
+        fs.protected_symlinks = 1
+      </screen>
+    </para>
+    <para>
+      Refer to <ulink url="http://lwn.net/Articles/503660/" /> and <ulink url="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7" /> for more detailed information about this change.
+    </para>
+  </section>
+
+
 </section>
 
   
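Review bot: The new paragraph only describes when a link may be followed ("we permit links to only be followed when outside a sticky world-writable directory, ..."), which is the symlink rule, while the section title and the `fs.protected_hardlinks = 1` line also announce a hardlink restriction that the text never explains. Please add a sentence saying what hardlink operations are restricted and for whom, and write "symbolic links" rather than "links" in the existing rule so the two settings are not conflated. On markup: `<function>SELinux</function>` and `<function>sysctl</function>` are not functions, so something like `<application>SELinux</application>` and `<command>sysctl</command>` would fit better. `<screen>` is verbatim, so the indentation and the line break after the opening tag will show up in the rendered output; start the two settings flush against the tag. The hunk also adds two empty lines before the closing `</section>` that can be dropped, and "link based" should be hyphenated as "link-based".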

