diff options
| author | Linus Torvalds <[email protected]> | 2012-10-26 10:05:07 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2012-10-26 10:05:07 -0700 |
| commit | 561ec64ae67ef25cac8d72bb9c4bfc955edfd415 (patch) | |
| tree | b18cc05a8fb8375a1d2788821f5894d2cdcfd117 /net/unix/sysctl_net_unix.c | |
| parent | 22e978f1f27dc0c9c20f42f0483d374b7a6d781e (diff) | |
VFS: don't do protected {sym,hard}links by default
In commit 800179c9b8a1 ("This adds symlink and hardlink restrictions to
the Linux VFS"), the new link protections were enabled by default, in
the hope that no actual application would care, despite it being
technically against legacy UNIX (and documented POSIX) behavior.
However, it does turn out to break some applications. It's rare, and
it's unfortunate, but it's unacceptable to break existing systems, so
we'll have to default to legacy behavior.
In particular, it has broken the way AFD distributes files, see
http://www.dwd.de/AFD/
along with some legacy scripts.
Distributions can end up setting this at initrd time or in system
scripts: if you have security problems due to link attacks during your
early boot sequence, you have bigger problems than some kernel sysctl
setting. Do:
echo 1 > /proc/sys/fs/protected_symlinks
echo 1 > /proc/sys/fs/protected_hardlinks
to re-enable the link protections.
Alternatively, we may at some point introduce a kernel config option
that sets these kinds of "more secure but not traditional" behavioural
options automatically.
Reported-by: Nick Bowler <[email protected]>
Reported-by: Holger Kiehl <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Al Viro <[email protected]>
Cc: Alan Cox <[email protected]>
Cc: Theodore Ts'o <[email protected]>
Cc: [email protected] # v3.6
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'net/unix/sysctl_net_unix.c')
0 files changed, 0 insertions, 0 deletions