Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?
Kevin Kofler
kevin.kofler at chello.at
Sun Mar 17 18:31:43 UTC 2013
John Reiser wrote:
> It seems to me that the "private /tmp" feature of recent Fedora systems
> has removed a large percentage of the potential vulnerabilities here.
> If you cannot see anybody else's /tmp then you cannot create
> vulnerabilities in /tmp for them, and they cannot create vulnerabilities
> in /tmp for you.
Unfortunately, private /tmp is only enabled by default in Fedora for select
services and not for users, mainly because some programs (ab)use /tmp to do
sockets to communicate between users.
Kevin Kofler
More information about the devel
mailing list