runem n00b
Joined: 08 Sep 2006 Posts: 40
Posted: Sat Dec 29, 2012 1:13 pm Post subject: Tip: Protecting links in Linux 3.7
Hi all
In Linux 3.6 a feature to protect against some security problems with hard and symbolic links was added. It is disabled by default in Linux 3.7.
To enable it add the following to /etc/sysctl.conf:
Code:
# Restrict potential illegal access via links
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
Reference: https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=561ec64ae67ef25cac8d72bb9c4bfc955edfd415
EDIT:
I have used this for several days with no problems. Tested on an amd64 laptop and an x86 server.
Last edited by runem on Wed Jan 02, 2013 5:21 pm; edited 1 time in total
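An added example, not part of runem's post or of any kernel tooling: a POSIX shell check that the two settings from the post are both present in a sysctl.conf-style file and active in the running kernel. The function names, the constructed `sample_conf` input and the choice to read a single file (not /etc/sysctl.d) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit fs.protected_hardlinks / fs.protected_symlinks.

# Effective value of KEY ($2) in a sysctl.conf-style FILE ($1):
# comment lines (# or ;) are skipped and the last assignment wins.
configured_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Value the running kernel uses for KEY ($1), read under PROC_ROOT ($2).
runtime_value() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# Return 0 only if both keys are 1 in the file and in the running kernel.
audit_link_protection() {
    conf="${1:-/etc/sysctl.conf}"; proc_root="${2:-/proc/sys}"; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for key in fs.protected_hardlinks fs.protected_symlinks; do
        cfg=$(configured_value "$conf" "$key")
        run=$(runtime_value "$key" "$proc_root")
        echo "$key: configured=${cfg:-unset} runtime=${run:-unavailable}"
        [ "$cfg" = 1 ] && [ "$run" = 1 ] || rc=1
    done
    return "$rc"
}

# Constructed sample file: a commented-out line and an overridden value.
sample_conf() {
    cat <<'EOF'
# Restrict potential illegal access via links
;fs.protected_symlinks = 0
fs.protected_hardlinks=0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
EOF
}
```

Called with no arguments, `audit_link_protection` reads /etc/sysctl.conf and /proc/sys. A key that is configured but not active at runtime usually means `sysctl -p` has not been run since the file was edited.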
_______0 Guru
Joined: 15 Oct 2012 Posts: 521
Posted: Sat Dec 29, 2012 4:21 pm
how is this useful??
Hu Administrator
Joined: 06 Mar 2007 Posts: 23064
Posted: Sat Dec 29, 2012 5:30 pm
It reactivates the protections added in Linux 3.6, specifically in commit 800179c9b8a1e796e441674776d11cd4c05d61d7. As runem notes, it was disabled by default in Linux 3.7 because certain very unusual applications relied on the disallowed behavior. Most applications do not require the disallowed behavior. See the commit for more details about why you should usually enable the restriction.
runem n00b
Joined: 08 Sep 2006 Posts: 40
Posted: Mon Jan 28, 2013 10:05 pm
hardened-sources-3.7.0 has been stabilized. Bump.
runem n00b
Joined: 08 Sep 2006 Posts: 40
Posted: Wed Feb 27, 2013 8:41 pm
Vanilla-sources and gentoo-sources are both marked as stable now.