Re: Linux kernel hardening - link restrictions
Hi,
On Friday, 2 March 2012, Kees Cook wrote:
> > + * The new kernel version includes security restrictions on links,
> > + These restrictions may cause some legitimate programs to fail.
> > + In particular, if the 'at' package is installed, you should either:
> > + - Upgrade it to at least version 3.1.13-1 (or a backport of that)
> > + - Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)
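Review bot: The first added line ends in a comma ("security restrictions on links,") although the next line starts a new sentence with "These restrictions", so it should end with a full stop. The two options are also listed as if they were equivalent, but the second one, fs.protected_hardlinks=0, switches the hardlink restriction off for the whole system instead of fixing 'at'; suggest wording the text so that upgrading 'at' is the preferred choice and the sysctl is a fallback for systems that cannot upgrade.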
> It's a trivial patch[1] to fix "at". How about just backporting that
> change to stable, to avoid that known trouble too? This is what Ubuntu
> did for the Lucid LTS release that was getting backported kernels (with
> link restrictions) built for it.
Sounds like a reasonable plan to me, cc:ing debian-release to get a comment
on this, and cc:ing the at maintainer too.
> [1]
> http://anonscm.debian.org/gitweb/?p=collab-maint/at.git;a=commitdiff;h=f4114656c3a6c6f6070e315ffdf940a49eda3279
cheers,
Holger