Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

John Reiser jreiser at bitwagon.com
Thu Mar 14 15:20:52 UTC 2013


>>> sysctl -a | grep protected
>>> fs.protected_hardlinks = 0
>>> fs.protected_symlinks = 0

>> I apologize for the ignorance - but what do these _do_?

> They block a non priv user from hardlinking/softlinking to files they don't own.
> 
> ln /etc/shadow ~/myshadow

The other descriptions of fs.protected_*links say that the protection
applies to the lookup side when following a link, and not to the
creation side when installing the link.  So the potential vulnerabilities
still can be created, but damage is averted at the last possible moment.

It seems to me that the "private /tmp" feature of recent Fedora systems
has removed a large percentage of the potential vulnerabilities here.
If you cannot see anybody else's /tmp then you cannot create vulnerabilities
in /tmp for them, and they cannot create vulnerabilities in /tmp for you.

-- 
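
An added example, not part of the original message: a Python model of the follow-time decision the Linux kernel makes for fs.protected_symlinks, with a small audit that lists the symlinks in a directory that a given user would be refused. The function names and the sample uids are assumptions made for illustration.

```python
import os
import stat

SYSCTL = "/proc/sys/fs/protected_symlinks"

def protection_enabled(path=SYSCTL):
    """Return True/False for the running kernel, None if the file is unreadable."""
    try:
        with open(path) as f:
            return f.read().strip() != "0"
    except OSError:
        return None

def follow_allowed(follower_uid, link_uid, dir_mode, dir_uid, enabled=True):
    """Model of the check applied when a process follows a symlink.

    The link is followed unless it sits in a sticky, world-writable
    directory and belongs to neither the follower nor the directory owner.
    """
    if not enabled:
        return True
    if follower_uid == link_uid:
        return True
    sticky_ww = stat.S_ISVTX | stat.S_IWOTH
    if (dir_mode & sticky_ww) != sticky_ww:
        return True
    return dir_uid == link_uid

def audit(directory, follower_uid):
    """Return the symlinks in `directory` that follower_uid would be refused."""
    d = os.stat(directory)
    blocked = []
    for entry in os.scandir(directory):
        if entry.is_symlink():
            st = entry.stat(follow_symlinks=False)  # owner of the link itself
            if not follow_allowed(follower_uid, st.st_uid, d.st_mode, d.st_uid):
                blocked.append(entry.path)
    return sorted(blocked)

if __name__ == "__main__":
    print("fs.protected_symlinks enabled:", protection_enabled())
    # uid 0 gets no exemption from this check, so auditing as root is meaningful.
    print("links root would be refused in /tmp:", audit("/tmp", 0))
```

The model shows why the link can still be created: nothing here runs at creation time, and the refusal only appears when a different user tries to follow it.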