Re: Linux kernel hardening - link restrictions
On Freitag, 2. März 2012, Kees Cook wrote:
> > + * The new kernel version includes security restrictions on links,
> > + These restrictions may cause some legitimate programs to fail.
> > + In particular, if the 'at' package is installed, you should either:
> > + - Upgrade it to at least version 3.1.13-1 (or a backport of that)
> > + - Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)
> It's a trivial patch to fix "at". How about just backporting that
> change to stable, to avoid that known trouble too? This is what Ubuntu
> did for the Lucid LTS release that was getting backported kernels (with
> link restrictions) built for it.
sounds like a reasonable plan to me, cc:ing debian-release to get a comment
on this, and cc:ing the at maintainer too.