| 1 |
I hope its ok to ask a noob question? |
| 2 |
|
| 3 |
I saw this portage bug (marked critical) and wondered |
| 4 |
if the default installation of either grsecurity or |
| 5 |
selinux flavor of hardened Gentoo would protect .. |
| 6 |
|
| 7 |
http://bugs.gentoo.org/show_bug.cgi?id=21923 |
| 8 |
|
| 9 |
Then I am curious what would be the recommended path |
| 10 |
to add protection, if the default setup did not |
| 11 |
protect from this class of exploits? It seems tricky |
| 12 |
to me, since ordinary users generally are allowed to |
| 13 |
write to /tmp, and the security context / userid of |
| 14 |
the portage user would allow emerge's to scribble in |
| 15 |
places that ordinary users should not. |
| 16 |
|
| 17 |
It seems non-trivial to setup a separate /tmp for |
| 18 |
every user, so what is the best way to avoid |
| 19 |
hardlink/symlink exploits via /tmp? |
| 20 |
|
| 21 |
-- |
| 22 |
gentoo-hardened@g.o mailing list |
Archives