Gentoo Forums
Tip: Protecting links in Linux 3.7
runem
n00b
Joined: 08 Sep 2006
Posts: 33

Posted: Sat Dec 29, 2012 1:13 pm    Post subject: Tip: Protecting links in Linux 3.7

Hi all

In Linux 3.6 a feature to protect against some security problems with hard and symbolic links was added. It is disabled by default in Linux 3.7.
To enable it add the following to /etc/sysctl.conf:
Code:

# Restrict potential illegal access via links
fs.protected_hardlinks = 1
fs.protected_symlinks = 1


Reference: https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=561ec64ae67ef25cac8d72bb9c4bfc955edfd415

EDIT:

I have used this for several days with no problems. Tested on an amd64 laptop and an x86 server.


Last edited by runem on Wed Jan 02, 2013 5:21 pm; edited 1 time in total
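
An added example, not part of the original post: a POSIX shell check that the two settings above are active in the running kernel and also persisted in a sysctl.conf-style file. The function names and the optional proc-root argument (there so the check can be pointed at fixture files) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two link-protection sysctls.
# Function names and the proc-root argument are this example's own.

# persisted_value KEY FILE: last value assigned to KEY in a sysctl.conf-style
# file; prints nothing if the key is unset, commented out, or FILE is unreadable.
persisted_value() {
    [ -r "$2" ] || return 0
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }               # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            gsub("/", ".", k)                # fs/protected_symlinks form
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) last = v           # later assignments win
        }
        END { if (last != "") print last }
    ' "$2"
}

# runtime_value KEY [PROC_ROOT]: value the running kernel reports for KEY.
runtime_value() {
    path="${2:-/proc}/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# audit_link_protection CONF [PROC_ROOT]: returns 0 only when both keys are 1
# at runtime and in CONF; otherwise prints a WARN line per failing key.
audit_link_protection() {
    rc=0
    for key in fs.protected_hardlinks fs.protected_symlinks; do
        run=$(runtime_value "$key" "${2:-/proc}")
        per=$(persisted_value "$key" "$1")
        if [ "$run" = 1 ] && [ "$per" = 1 ]; then
            echo "OK   $key runtime=1 persisted=1"
        else
            echo "WARN $key runtime=${run:-missing} persisted=${per:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: audit_link_protection /etc/sysctl.conf
```

A WARN with `runtime=1 persisted=unset` means the protection is on now but will not survive a reboot; `runtime=missing` means the kernel does not expose the key at all.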
_______0
Guru
Joined: 15 Oct 2012
Posts: 521

Posted: Sat Dec 29, 2012 4:21 pm

how is this useful??
Hu
Watchman
Joined: 06 Mar 2007
Posts: 9061

Posted: Sat Dec 29, 2012 5:30 pm

It reactivates the protections added in Linux 3.6, specifically in commit 800179c9b8a1e796e441674776d11cd4c05d61d7. As runem notes, it was disabled by default in Linux 3.7 because certain very unusual applications relied on the disallowed behavior. Most applications do not require the disallowed behavior. See the commit for more details about why you should usually enable the restriction.
runem
n00b
Joined: 08 Sep 2006
Posts: 33

Posted: Mon Jan 28, 2013 10:05 pm

hardened-sources-3.7.0 has been stabilized. Bump.
runem
n00b
Joined: 08 Sep 2006
Posts: 33

Posted: Wed Feb 27, 2013 8:41 pm

Vanilla-sources and gentoo-sources are both marked as stable now.