The longstanding link restriction patches were recently accepted by Andrew Morton and are likely to end up in Linux 3.4. I've applied these to src:linux-2.6 in svn and they should end up in the upcoming version 3.2.9-1.
We know that these are going to break some programs, most notably 'at' (#597130, fixed in wheezy/sid). But of course it's possible to work around that by disabling the restriction, so I don't think this should result in a 'Breaks' relation. I'm therefore intending to warn about this with the following NEWS entry in the linux-image metapackages: Index: debian/linux-image.NEWS =================================================================== --- debian/linux-image.NEWS (revision 18757) +++ debian/linux-image.NEWS (working copy) @@ -1,3 +1,18 @@ +linux-latest (44) unstable; urgency=low + + * The new kernel version includes security restrictions on links, which + are enabled by default. These are specified in + Documentation/sysctl/fs.txt in the linux-doc-3.2 and linux-source-3.2 + packages. + + These restrictions may cause some legitimate programs to fail. + In particular, if the 'at' package is installed, you should either: + - Upgrade it to at least version 3.1.13-1 (or a backport of that) + or: + - Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf) + + -- Ben Hutchings <b...@decadent.org.uk> Fri, 02 Mar 2012 04:58:24 +0000 + linux-latest-2.6 (26) unstable; urgency=low * The old IDE (PATA) drivers are no longer developed. Most PATA --- END --- (Why in the metapackages, you ask? Because apt-listchanges shows NEWS from upgraded packages, not new packages.) Does anyone have a better idea how to do this? Know about other packages that are affected? Ben. -- Ben Hutchings One of the nice things about standards is that there are so many of them. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120302051158.gu12...@decadent.org.uk
