
Re: Bug#889098: enforce fs.protected_hardlinks in sysctl.d by default



Hi

On Fri, Feb 02, 2018 at 09:25:31PM +0100, Moritz Mühlenhoff wrote:
> Antoine Beaupré wrote:
> > There are, however, people *not* running Debian-built kernels, and
> > sometimes for good reasons. This is a configuration that we should
> > still support.
> 
> It is supported, but it's also clearly documented that people need to
> enable this sysctl for custom kernels:
> https://www.debian.org/releases/jessie/amd64/release-notes/ch-whats-new.en.html#security

Just to add a note: if procps is as well going to ship this hardening
for fs.protected_hardlinks then I think it would be best to follow the
kernel and do the same for fs.protected_symlinks as well, not only
the fs.protected_hardlinks.

> > Incidentally, I wonder if we should remove the patch we have on the
> > Debian kernels to change the defaults, and instead rely on the
> > sysctl. I have added the kernel team in CC to have their input.
> 
> Why revert the kernel? That doesn't buy us anything. It would be
> better to ask upstream to revisit this decision (e.g. by contacting
> KSPP mailing list). I suppose that SuSE, Ubuntu and Red Hat
> are shipping similar patches/defaults, so it's probably safe to say
> that those protections are now the status quo (as opposed to five
> years ago when that feature was freshly introduced).

Agreed with you and Ben to actually not revert the sane defaults in
the Debian kernel.

Btw, upstream did initially as well set those, then reverted due to
some userspace programs breaking, they are/were rare, but the rule is
to not break userspace (this was done in the referenced commit, "VFS:
don't do protected {sym,hard}links by default", where it's noted that
it e.g. broke AFD.) 

Regards,
Salvatore
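
The following sketch is an added example, not part of the original message and not code from procps or the kernel. It classifies fs.protected_hardlinks and fs.protected_symlinks as pinned by a sysctl.d drop-in, relying only on the kernel default, or disabled. The function names, the sample file name and the single-directory, last-assignment-wins reading of drop-ins are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Simplification (assumption): one drop-in directory is read,
# files in lexical order, last assignment wins; overrides between
# directories are not modelled.

# Print the last value assigned to key $2 in "$1"/*.conf (empty if none).
configured_value() {
    val=
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Drop comment lines (# or ;) and the "-" ignore-errors prefix, then
        # match the key in either "fs.x" or "fs/x" spelling.
        v=$(sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e 's/^-//' "$f" |
            awk -F= -v k="$2" '
                { n = $1; gsub(/[ \t]/, "", n); gsub(/\//, ".", n) }
                n == k { v = $2; gsub(/[ \t]/, "", v); last = v }
                END { print last }')
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s\n' "$val"
}

# Classify one protection ($3 = protected_hardlinks or protected_symlinks):
#   pinned              - drop-ins set it to 1, whatever the kernel default is
#   kernel-default-only - unset in drop-ins, kernel currently reports 1
#   disabled            - anything else (set to 0, or unset and not 1 at runtime)
# $1 = drop-in directory, $2 = directory holding the runtime values.
link_protection_status() {
    cfg=$(configured_value "$1" "fs.$3")
    run=$(cat "$2/$3" 2>/dev/null || true)
    case "$cfg:$run" in
        1:*) echo pinned ;;
        :1)  echo kernel-default-only ;;
        *)   echo disabled ;;
    esac
}

# Constructed sample: a custom kernel (both defaults 0) where only the
# hardlink protection is shipped as a drop-in.
demo() {
    d=$(mktemp -d)
    mkdir "$d/sysctl.d" "$d/fs"
    printf '# constructed\nfs.protected_hardlinks = 1\n' > "$d/sysctl.d/99-constructed.conf"
    echo 0 > "$d/fs/protected_hardlinks"
    echo 0 > "$d/fs/protected_symlinks"
    for n in protected_hardlinks protected_symlinks; do
        echo "fs.$n: $(link_protection_status "$d/sysctl.d" "$d/fs" "$n")"
    done
    rm -rf "$d"
}
demo
```

On a real system the two arguments would be a drop-in directory such as /etc/sysctl.d and /proc/sys/fs.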