
Re: Linux kernel hardening - link restrictions

On 2012-03-08 15:42:49 +0000, Ben Hutchings wrote:
> Since 'at' is going to be updated in stable, I added a versioned
> 'Breaks' instead.

But since there may be other problems than with "at", announcing
the change in the NEWS file would probably have been a good idea.
Things that an admin was usually doing may no longer work, for
instance (like some build as a normal user when possible, then
as root to install files). Now, concerning the symlinks, since
this affects just symlinks directly under /tmp (not those below
subdirectories), the effects are probably very limited.

I see that audit follow_link messages are generated in the kernel
logs when doing completion as root in /tmp, but everything seems
to be fine.

Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
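
The following is an added example, not part of the original message: a sketch of the decision the symlink restriction makes, showing why root following a normal user's symlink directly under /tmp is denied while the same link inside a subdirectory is not. It assumes the Debian patch applies the same rule as the mainline `fs.protected_symlinks` check; the function names and the uids are hypothetical.

```python
import os
import stat

STICKY_WW = stat.S_ISVTX | stat.S_IWOTH  # sticky and world-writable, as on /tmp


def follow_blocked(follower_uid, link_uid, dir_mode, dir_uid):
    """Pure policy decision; True means following the symlink is denied."""
    if follower_uid == link_uid:
        return False  # following your own symlink is always allowed
    if (dir_mode & STICKY_WW) != STICKY_WW:
        return False  # parent is not sticky + world-writable: unrestricted
    if dir_uid == link_uid:
        return False  # link was placed by the directory's owner
    return True


def check_path(link_path, follower_uid):
    """Apply follow_blocked() to a symlink on disk (hypothetical helper)."""
    link = os.lstat(link_path)  # lstat: inspect the link, not its target
    if not stat.S_ISLNK(link.st_mode):
        return False
    parent = os.stat(os.path.dirname(os.path.abspath(link_path)))
    return follow_blocked(follower_uid, link.st_uid, parent.st_mode, parent.st_uid)


def demo():
    """Constructed cases: uid 1000 = normal user, uid 0 = root."""
    tmp_mode = stat.S_IFDIR | 0o1777  # /tmp itself
    sub_mode = stat.S_IFDIR | 0o755   # e.g. /tmp/build owned by uid 1000
    return {
        "root follows user's link in /tmp": follow_blocked(0, 1000, tmp_mode, 0),
        "user follows own link in /tmp": follow_blocked(1000, 1000, tmp_mode, 0),
        "root follows root's link in /tmp": follow_blocked(0, 0, tmp_mode, 0),
        "root follows user's link in /tmp/build": follow_blocked(0, 1000, sub_mode, 1000),
    }


if __name__ == "__main__":
    for case, blocked in demo().items():
        print(f"{'DENY ' if blocked else 'allow'}  {case}")
```

`check_path()` can be pointed at symlinks found directly under a sticky world-writable directory to list the ones a given uid would be refused.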
