Re: Linux kernel hardening - link restrictions

To: debian-devel@lists.debian.org
Subject: Re: Linux kernel hardening - link restrictions
From: Vincent Lefevre <vincent@vinc17.net>
Date: Mon, 12 Mar 2012 09:47:02 +0100
Message-id: <[🔎] 20120312084702.GF3804@xvii.vinc17.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 1331221369.3022.83.camel@deadeye>
References: <[🔎] 20120302051158.GU12704@decadent.org.uk> <[🔎] 20120308111928.GC3804@xvii.vinc17.org> <[🔎] 1331221369.3022.83.camel@deadeye>

On 2012-03-08 15:42:49 +0000, Ben Hutchings wrote:
> Since 'at' is going to be updated in stable, I added a versioned
> 'Breaks' instead.

But since there may be other problems than with "at", announcing
the change in the NEWS file would have probably be a good idea.
Things that an admin was usually doing may no longer work, for
instance (like some build as a normal user when possible, then
as root to install files). Now, concerning the symlinks, since
this affects just symlinks directly under /tmp (not those below
subdirectories), the effects are probably very limited.

I see that audit follow_link messages are generated in the kernel
logs when doing completion as root in /tmp, but everything seems
to be fine.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

References:
- Linux kernel hardening - link restrictions
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Linux kernel hardening - link restrictions
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Linux kernel hardening - link restrictions
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: upstart: please update to latest upstream version
Next by Date: Re: upstart: please update to latest upstream version
Previous by thread: Re: Linux kernel hardening - link restrictions
Next by thread: speed up /etc/cron.d/php5
Index(es):
- Date
- Thread