Re: Linux kernel hardening - link restrictions
On 02.03.2012 10:47, Holger Levsen wrote:
On Freitag, 2. März 2012, Kees Cook wrote:
> + * The new kernel version includes security restrictions on
> + These restrictions may cause some legitimate programs to
> + In particular, if the 'at' package is installed, you should
> + - Upgrade it to at least version 3.1.13-1 (or a backport of
> + - Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)
It's a trivial patch to fix "at". How about just backporting that
change to stable, to avoid that known trouble too? This is what
did for the Lucid LTS release that was getting backported kernels
link restrictions) built for it.
sounds like a reasonable plan to me, cc:ing debian-release to get a
on this, and cc:ing the at maintainer too.
(Predictably enough) I'd like to see a debdiff before a final ack, but
in principle it looks okay; thanks.