Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Sat, 26 Feb 2022 23:30:11
Message-Id: 1645918120.fbd9a85dba3daa04f88e84e68147cd7830b03c4c.mpagano@gentoo
1 commit: fbd9a85dba3daa04f88e84e68147cd7830b03c4c
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sat Feb 26 23:28:40 2022 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sat Feb 26 23:28:40 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=fbd9a85d
7
8 Update default security restrictions
9
10 Bug: https://bugs.gentoo.org/834085
11
12 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
13
14 1510_fs-enable-link-security-restrictions-by-default.patch | 14 +++++++++-----
15 1 file changed, 9 insertions(+), 5 deletions(-)
16
17 diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch b/1510_fs-enable-link-security-restrictions-by-default.patch
18 index 8bfb36c1..1b3e590d 100644
19 --- a/1510_fs-enable-link-security-restrictions-by-default.patch
20 +++ b/1510_fs-enable-link-security-restrictions-by-default.patch
21 @@ -1,13 +1,17 @@
22 ---- a/fs/namei.c 2018-12-01 11:30:07.672594412 -0500
23 -+++ b/fs/namei.c 2018-12-01 11:30:58.772816410 -0500
24 -@@ -902,8 +902,8 @@ static inline void put_link(struct namei
25 +--- a/fs/namei.c 2022-01-09 17:55:34.000000000 -0500
26 ++++ b/fs/namei.c 2022-02-26 11:32:31.832844465 -0500
27 +@@ -1020,10 +1020,10 @@ static inline void put_link(struct namei
28 path_put(&last->link);
29 }
30
31 -int sysctl_protected_symlinks __read_mostly = 0;
32 -int sysctl_protected_hardlinks __read_mostly = 0;
33 +-int sysctl_protected_fifos __read_mostly;
34 +-int sysctl_protected_regular __read_mostly;
35 +int sysctl_protected_symlinks __read_mostly = 1;
36 +int sysctl_protected_hardlinks __read_mostly = 1;
37 - int sysctl_protected_fifos __read_mostly;
38 - int sysctl_protected_regular __read_mostly;
39 ++int sysctl_protected_fifos __read_mostly = 1;
40 ++int sysctl_protected_regular __read_mostly = 1;
41
42 + /**
43 + * may_follow_link - Check symlink following for unsafe situations
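
Review bot: the two added lines `+int sysctl_protected_fifos __read_mostly = 1;` and `+int sysctl_protected_regular __read_mostly = 1;` extend this patch beyond link handling, but nothing records that. The file is still named 1510_fs-enable-link-security-restrictions-by-default.patch and the commit subject only says "Update default security restrictions". Please name all four sysctls and their new value of 1 in the commit message. The patch file also begins directly with `--- a/fs/namei.c` on its first line, so it carries no description of its own; a short header there with the rationale and the bug URL would let someone reading the patch alone see which defaults it changes and why.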