Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?
Kevin Kofler
kevin.kofler at chello.at
Sun Mar 24 03:08:00 UTC 2013
Miloslav Trmač wrote:
> BTW determining this accurately should be fairly doable[1]. Just look
> for symlink() and link() calls (and recursively through wrapper APIs /
> language bindings). These syscalls are fairly rare.
That checks for PROGRAMS which run into this. It catches neither admin's
custom scripts nor ln commands run directly by the users. Who knows on how
many machines manually created symlinks point to inodes owned by different
users?
> [1] Well, "fairly doable" when compared to the /tmp-on-tmpfs, which is
> "just impossible". It's still man-weeks of work. Pragmatically
> speaking, "It did not break Ubuntu" is not a QA technique that makes
> me happy, but might be good enough anyway.
Well, /tmp-on-tmpfs is just broken, disabled on my machines and should be
reverted in Fedora ASAP. It is not a good example to follow (and neither is
UsrMove, whose consequences we're still suffering, see the recent thread
about RPM dependencies on binaries).
Kevin Kofler
More information about the devel
mailing list