
List:       debian-devel
Subject:    Re: Kernel parameters protecting fifos and regular files
From:       Ben Hutchings <ben () decadent ! org ! uk>
Date:       2020-01-29 22:33:28
Message-ID: 525ab5745d5a98010d01ad96038dc51c325c6176.camel () decadent ! org ! uk


On Wed, 2020-01-29 at 10:13 -0800, Moritz Mühlenhoff wrote:
> Craig Small <csmall@debian.org> wrote:
> > Hi,
> >   About 2 years ago the procps package added protection for hard and soft
> > symlinks. The bug report was 889098 and has seemed to work fine.
> > 
> > There is also now bug #914859 which would extend this same protection for
> > other files, as mentioned in [1]
> 
> I'm in favour of setting both to 1. From a quick search Ubuntu carried a patch
> in their systemd package to set this as well (LP 1845637).
> 
> protected hardlinks/symlinks are enabled via a Debian-specific kernel patch
> by default, so I'd say that src:linux should be patched as well, this changes
> the default at the deepest level and the /etc/sysctl.conf kicks in for
> anyone running custom built kernels.

There was discussion around this issue on #debian-kernel recently. 
Changing the default in src:linux doesn't help people that get their
kernel from somewhere else.  Changing it in procps also doesn't cover
minimal installations since it's only Priority: important.

Is there a higher priority package, independent of init system, that
would be suitable for carrying the Debian sysctl policy?

Ben.

-- 
Ben Hutchings
I'm not a reverse psychological virus.
Please don't copy me into your signature.


