Hard link to root-owned file now fails (since Fedora 19)
Richard W.M. Jones
rjones at redhat.com
Tue Jul 16 09:42:02 UTC 2013
On Tue, Jul 16, 2013 at 10:42:10AM +0200, Florian Weimer wrote:
> On 07/15/2013 07:32 PM, Richard W.M. Jones wrote:
>
> >Why?
>
> Without it, it's possible to exploit certain weaknesses to make
> /etc/shadow world-readable or worse, for example.
>
> Hard links are fundamentally incompatible with the way we run
> SELinux, and this change mitigates that issue to some extent.
Any more information on this?
FWIW this change caused a segfault in OpenStack (now fixed, but
there's a larger problem remaining - RHBZ#983218).
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)