
Re: Linux kernel hardening - link restrictions



On 02.03.2012 10:47, Holger Levsen wrote:
On Friday, 2 March 2012, Kees Cook wrote:
> + * The new kernel version includes security restrictions on links, > + These restrictions may cause some legitimate programs to fail. > + In particular, if the 'at' package is installed, you should either: > + - Upgrade it to at least version 3.1.13-1 (or a backport of that)
> +    - Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)
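Review bot: The second list item, "Set sysctl fs.protected_hardlinks=0", switches the hardlink restriction off for the whole system to accommodate a single package, yet the text offers it as an equal alternative to upgrading 'at'. Suggest marking the upgrade to 3.1.13-1 (or its backport) as the preferred fix and describing the sysctl as a temporary workaround that gives up the protection. Separately, the first line ends with a comma before "These restrictions", where a full stop is needed.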
It's a trivial patch[1] to fix "at". How about just backporting that
change to stable, to avoid that known trouble too? This is what Ubuntu did for the Lucid LTS release that was getting backported kernels (with
link restrictions) built for it.

sounds like a reasonable plan to me, cc:ing debian-release to get a comment
on this, and cc:ing the at maintainer too.

[1] http://anonscm.debian.org/gitweb/?p=collab-maint/at.git;a=commitdiff;h=f4114656c3a6c6f6070e315ffdf940a49eda3279

(Predictably enough) I'd like to see a debdiff before a final ack, but in principle it looks okay; thanks.

Regards,

Adam

