Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.10 commit in: /
Date: Sat, 26 Feb 2022 20:27:31
Message-Id: 1645907213.b3f78be65acbb318d6af57a24685410c3a76d78e.mpagano@gentoo
commit: b3f78be65acbb318d6af57a24685410c3a76d78e
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 26 20:26:53 2022 +0000
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Sat Feb 26 20:26:53 2022 +0000
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b3f78be6

Update default security restrictions

Bug: https://bugs.gentoo.org/834085

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

...able-link-security-restrictions-by-default.patch | 21 +++++++++------------
1 file changed, 9 insertions(+), 12 deletions(-)

17 diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch b/1510_fs-enable-link-security-restrictions-by-default.patch
18 index f0ed144f..1b3e590d 100644
19 --- a/1510_fs-enable-link-security-restrictions-by-default.patch
20 +++ b/1510_fs-enable-link-security-restrictions-by-default.patch
21 @@ -1,20 +1,17 @@
22 -From: Ben Hutchings <ben@××××××××××××.uk>
23 -Subject: fs: Enable link security restrictions by default
24 -Date: Fri, 02 Nov 2012 05:32:06 +0000
25 -Bug-Debian: https://bugs.debian.org/609455
26 -Forwarded: not-needed
27 -This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
28 -('VFS: don't do protected {sym,hard}links by default').
29 ---- a/fs/namei.c 2018-09-28 07:56:07.770005006 -0400
30 -+++ b/fs/namei.c 2018-09-28 07:56:43.370349204 -0400
31 -@@ -885,8 +885,8 @@ static inline void put_link(struct namei
32 +--- a/fs/namei.c 2022-01-09 17:55:34.000000000 -0500
33 ++++ b/fs/namei.c 2022-02-26 11:32:31.832844465 -0500
34 +@@ -1020,10 +1020,10 @@ static inline void put_link(struct namei
35 path_put(&last->link);
36 }
37
38 -int sysctl_protected_symlinks __read_mostly = 0;
39 -int sysctl_protected_hardlinks __read_mostly = 0;
40 +-int sysctl_protected_fifos __read_mostly;
41 +-int sysctl_protected_regular __read_mostly;
42 +int sysctl_protected_symlinks __read_mostly = 1;
43 +int sysctl_protected_hardlinks __read_mostly = 1;
44 - int sysctl_protected_fifos __read_mostly;
45 - int sysctl_protected_regular __read_mostly;
46 ++int sysctl_protected_fifos __read_mostly = 1;
47 ++int sysctl_protected_regular __read_mostly = 1;
48
49 + /**
50 + * may_follow_link - Check symlink following for unsafe situations
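Review bot: the rewritten patch file drops its entire provenance header (the `From: Ben Hutchings`, `Subject:`, `Date:`, `Bug-Debian:` and `Forwarded:` lines and the sentence "This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415") without putting any description in its place, so the new file opens directly with `--- a/fs/namei.c` and a reader of 1510_fs-enable-link-security-restrictions-by-default.patch can no longer tell where the change came from or why Gentoo carries it. At the same time the patch now does more than its file name says: besides flipping `sysctl_protected_symlinks` and `sysctl_protected_hardlinks` to 1, it adds `+int sysctl_protected_fifos __read_mostly = 1;` and `+int sysctl_protected_regular __read_mostly = 1;`, and the commit message "Update default security restrictions" does not spell out that fifo and regular-file protection are newly enabled by default. Suggest keeping a short header in the patch (origin, the upstream commit it reverts, and a one-line note that protected_fifos and protected_regular are now also set to 1 for Bug https://bugs.gentoo.org/834085) so the rationale survives the next context-offset refresh like this one (885 to 1020).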