[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: Kernel parameters protecting fifos and regular files
From: Ben Hutchings <ben () decadent ! org ! uk>
Date: 2020-01-29 22:33:28
Message-ID: 525ab5745d5a98010d01ad96038dc51c325c6176.camel () decadent ! org ! uk
[Download RAW message or body]
On Wed, 2020-01-29 at 10:13 -0800, Moritz Mühlenhoff wrote:
> Craig Small <csmall@debian.org> schrieb:
> > --0000000000004806c5059d3edeb1
> > Content-Type: text/plain; charset="UTF-8"
> >
> > Hi,
> > About 2 years ago the procps package added protection for hard and soft
> > symlinks. The bug report was 889098 and has seemed to work fine.
> >
> > There is also now bug #914859 which would extend this same protection for
> > other files, as mentioned in [1]
>
> I'm in favour of setting both to 1. From a quick search Ubuntu carried a patch
> in their systemd package to set this as well (LP 1845637).
>
> protected hardlinks/symlinks are enabled via a Debian-specific kernel patch
> by default, so I'd say that src:linux should be patched as well, this changes
> the default at the deepest level and the /etc/sysctl.conf kicks in for
> anyone running custom built kernels.
There was discussion around this issue on #debian-kernel recently.
Changing the default in src:linux doesn't help people that get their
kernel from somewhere else. Changing it in procps also doesn't cover
minimal installations since it's only Priority: important.
Is there a higher priority package, independent of init system, that
would be suitable for carrying the Debian sysctl policy?
Ben.
--
Ben Hutchings
I'm not a reverse psychological virus.
Please don't copy me into your signature.
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic