Craig Small <csm...@debian.org> schrieb:
> --0000000000004806c5059d3edeb1
> Content-Type: text/plain; charset="UTF-8"
>
> Hi,
> About 2 years ago the procps package added protection for hard and soft
> symlinks. The bug report was 889098 and has seemed to work fine.
>
> There is also now bug #914859 which would extend this same protection for
> other files, as mentioned in [1]
I'm in favour of setting both to 1. From a quick search Ubuntu carried a patch
in their systemd package to set this as well (LP 1845637).
protected hardlinks/symlinks are enabled via a Debian-specific kernel patch
by default, so I'd say that src:linux should be patched as well, this changes
the default at the deepest level and the /etc/sysctl.conf kicks in for
anyone running custom built kernels.
Cheers,
Moritz
