Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?
Kees Cook
kees at outflux.net
Thu Mar 14 21:12:49 UTC 2013
On Thu, Mar 14, 2013 at 09:08:48AM -0400, Daniel J Walsh wrote:
> On 03/14/2013 04:09 AM, yersinia wrote:
> > On Wed, Mar 13, 2013 at 7:52 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> >
> > sysctl -a | grep protected
> > fs.protected_hardlinks = 0
> > fs.protected_symlinks = 0
> >
> > Here some more info for this apparent regression
> > http://kernel.opensuse.org/cgit/kernel/commit/?id=561ec64ae67ef25cac8d72bb9c4bfc955edfd415
> >
> > Best
> >
> Well I believe Ubuntu has been using this feature for years and maybe we
> should consider turning it on via systemd or a unit file. The breakage of AFD
> is not a legitimate reason for Fedora to turn it off.
>
> Kees, could you explain how these restrictions would help secure Fedora and
> any potential side effects.

AFD was a single specific program doing a very specific task and hardly
represents an "average workload". I remain extremely disappointed that the
default-on state was reverted. Ubuntu has had this feature enabled for
YEARS now, and it stopped quite a few exploits cold.

Everything about these restrictions is described in detail in the commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7

I'm happy to answer any questions.

-Kees
--
Kees Cook @outflux.net