Hi all,

On Fri, Apr 24, 2015 at 06:02:59PM +0200, Moritz Muehlenhoff wrote:
> On Fri, Apr 24, 2015 at 04:58:18PM +0200, Niels Thykier wrote:
> > Control: tags -1 moreinfo
> >
> > On 2015-04-24 11:57, Romain Francoise wrote:
> > > Package: release-notes
> > > Severity: normal
> > >
> > > As mentioned on IRC, I reviewed the security section of the "What's new
> > > in Debian 8" chapter and:
> > > - it mentions the protected_symlinks feature of the kernel as new, but
> > > afaik it was already enabled in wheezy
> > > - it advertises hardening-wrapper, but it's planned for deprecation or
> > > removal in stretch
> > >
> > > (X-Debbugs-CC: team@security.debian.org)
> > >
> > > Thanks,
> > >
> >
> > Hi,
> >
> > Thanks for the review.
> >
> > The kernel change is to #774117. For the hardening-wrapper, I have
> > traced the latest change to #772694. However, it seems to just be
> > changes to an existing section that might (or might not) have carried
> > over from Wheezy.
> >
> > * I will await the security team before doing any changes.
>
> These were in fact carried over from wheezy and Romain's comments
> are confirmed to be correct.

But haven't we filed #774117 after the previous Security team meeting
to mention that /tmp-related bugs which are rendered non-exploitable by
this mechanism not (anymore) as security vulnerabilities? #774117 was
explicitly about to cover this and the debian-security-support package
in the jessie release notes.

So at least this one I guess we want to keep.

Regards,
Salvatore