>>> sysctl -a | grep protected fs.protected_hardlinks = 0 >>> fs.protected_symlinks = 0
>> I apologize for the ignorance - but what do these _do_. > They block a non priv user from hardlinking/softlinking to files they don't > own. > > ln /etc/shadow ~/myshadow The other descriptions of fs.protected_*links say that the protection applies to the lookup side when following a link, and not to the creation side when installing the link. So the potential vulnerabilities still can be created, but damage is averted at the last possible moment. It seems to me that the "private /tmp" feature of recent Fedora systems has removed a large percentage of the potential vulnerabilities here. If you cannot see anybody else's /tmp then you cannot create vulnerabilities in /tmp for them, and they cannot create vulnerabilities in /tmp for you. -- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
