Re: Linux 3.6

From: Theodore Ts'o
Date: Wed Oct 03 2012 - 16:41:37 EST

Next message: Alan Cox: "Re: Linux 3.6"
Previous message: Yinghai Lu: "Re: [PATCH 3/5] PCI: add set_max_vfs in pci_driver ops"
In reply to: Linus Torvalds: "Re: Linux 3.6"
Next in thread: Kees Cook: "Re: Linux 3.6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 03, 2012 at 01:29:15PM -0700, Linus Torvalds wrote:
> On Wed, Oct 3, 2012 at 1:05 PM, Kees Cook <kees@xxxxxxxxxxx> wrote:
> >
> > 3.6 introduced link restrictions:
>
> Hmm. If this causes problems for others, I suspect we need to turn it
> off by default.
>
> It's a nice security thing, but considering how quickly people started
> complaining after 3.6 was out, I suspect we'll see more of these, and
> we may not have any choice.

True, although I'm not sure we should be encouraging kernel developers
to have world-writeable directories. I suppose if it's a single-user
workstation it wouldn't matter, but you could imagine a daemon running
has "nobody" which has a stack overflow bug, and then if the user has
been careless and uses umasks so that directories in their home
directory are world writeable, well.....

Regardless of whether or not we turn this security feature off by
default, I think it's worthwhile to look at how and why did Nick's
directories become world-writeable, and whether there is so distro
default which is causing or encouraging this.

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: Linux 3.6"
Previous message: Yinghai Lu: "Re: [PATCH 3/5] PCI: add set_max_vfs in pci_driver ops"
In reply to: Linus Torvalds: "Re: Linux 3.6"
Next in thread: Kees Cook: "Re: Linux 3.6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]