Hi,

daniel curtis <sidetripp...@gmail.com> (15/12/2012):
> Kernel 3.7 is officially out. This Linux release includes many
> improvements practically in every aspect. Many changes also concern
> security. Very interesting are: Cryptographically-signed kernel
> modules and - long awaited - symlink and hardlink restrictions
> (already in Linux 3.6), but it broke some programs, so it has been
> disabled by default, right?

from http://packages.debian.org/changelogs/pool/main/l/linux/linux_3.2.35-1/changelog.html

| linux (3.2.29-1) unstable; urgency=low
| …
|   * fs: Update link security restrictions to match Linux 3.6:
|     - Drop kconfig options; restrictions can only be disabled by sysctl
|     - Change the audit message type from AUDIT_AVC (1400) to
|       AUDIT_ANON_LINK (1702)
| …
| linux-2.6 (3.2.9-1) unstable; urgency=high
| …
|   * fs: Introduce and enable security restrictions on links:
|     - Do not follow symlinks in /tmp that are owned by other users
|       (sysctl: fs.protected_symlinks)
|     - Do not allow unprivileged users to create hard links to sensitive files
|       (sysctl: fs.protected_hardlinks) (Closes: #609455)
|       + This breaks the 'at' package in stable, which will be fixed shortly
|         (see #597130)
|     The precise restrictions are specified in Documentation/sysctl/fs.txt in
|     the linux-doc-3.2 and linux-source-3.2 packages.

Anyway, I suspect you want to ask Linux kernel questions to Linux kernel
maintainers (meaning debian-kernel@).

Mraw,
KiBi.
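The decision behind the changelog's fs.protected_symlinks entry, modelled in Python as an added example (it is not part of the message above or of the Debian changelog). The function names are hypothetical; the rule follows the kernel's Documentation/sysctl/fs.txt: a symlink in a sticky, world-writable directory is followed only if the follower owns the link or the directory owner does.

```python
import os
import stat

STICKY_WORLD_WRITABLE = stat.S_ISVTX | stat.S_IWOTH

def link_follow_allowed(link_uid, follower_uid, dir_mode, dir_uid, protected=1):
    """Model of the fs.protected_symlinks check; True means the follow is permitted."""
    if not protected:
        return True                       # sysctl set to 0: no restriction applied
    if follower_uid == link_uid:
        return True                       # follower owns the symlink
    if (dir_mode & STICKY_WORLD_WRITABLE) != STICKY_WORLD_WRITABLE:
        return True                       # not a sticky, world-writable directory
    return dir_uid == link_uid            # allowed only if the directory owner made the link

def check_path(link_path, follower_uid, protected=1):
    """Apply the model to a real symlink: lstat the link, stat its parent directory."""
    link = os.lstat(link_path)
    if not stat.S_ISLNK(link.st_mode):
        raise ValueError(f"{link_path} is not a symlink")
    parent = os.stat(os.path.dirname(os.path.abspath(link_path)))
    return link_follow_allowed(link.st_uid, follower_uid,
                               parent.st_mode, parent.st_uid, protected)

def read_sysctl(name, proc_root="/proc/sys"):
    """Return fs.<name> as an int, or None when the running kernel does not expose it."""
    try:
        with open(os.path.join(proc_root, "fs", name)) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    for knob in ("protected_symlinks", "protected_hardlinks"):
        print(f"fs.{knob} = {read_sysctl(knob)}")
    # Constructed cases: uid 1000 tries to follow a link owned by uid 1001.
    print(link_follow_allowed(1001, 1000, 0o41777, 0))   # /tmp-like directory owned by root
    print(link_follow_allowed(1001, 1000, 0o40755, 0))   # ordinary directory
```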