On Wed, 2020-01-29 at 10:13 -0800, Moritz Mühlenhoff wrote: > Craig Small <csm...@debian.org> schrieb: > > --0000000000004806c5059d3edeb1 > > Content-Type: text/plain; charset="UTF-8" > > > > Hi, > > About 2 years ago the procps package added protection for hard and soft > > symlinks. The bug report was 889098 and has seemed to work fine. > > > > There is also now bug #914859 which would extend this same protection for > > other files, as mentioned in [1] > > I'm in favour of setting both to 1. From a quick search Ubuntu carried a patch > in their systemd package to set this as well (LP 1845637). > > protected hardlinks/symlinks are enabled via a Debian-specific kernel patch > by default, so I'd say that src:linux should be patched as well, this changes > the default at the deepest level and the /etc/sysctl.conf kicks in for > anyone running custom built kernels.
There was discussion around this issue on #debian-kernel recently. Changing the default in src:linux doesn't help people that get their kernel from somewhere else. Changing it in procps also doesn't cover minimal installations since it's only Priority: important. Is there a higher priority package, independent of init system, that would be suitable for carrying the Debian sysctl policy? Ben. -- Ben Hutchings I'm not a reverse psychological virus. Please don't copy me into your signature.
signature.asc
Description: This is a digitally signed message part