Chris Wright wrote:
> * John Richard Moser ([EMAIL PROTECTED]) wrote:
>
>>Yes, mkdtemp() and mkstemp().
>>
>>Of course we can't always rely on programmers to get it right, so the
>>idea here is to make sure we ask broken code to behave nicely, and s
* John Richard Moser ([EMAIL PROTECTED]) wrote:
> Yes, mkdtemp() and mkstemp().
>
> Of course we can't always rely on programmers to get it right, so the
> idea here is to make sure we ask broken code to behave nicely, and stab
> it in the face if it doesn't. Please try to examine this in that sc
Chris Wright wrote:
> * John Richard Moser ([EMAIL PROTECTED]) wrote:
>
>>I've yet to see this break anything on Ubuntu or Gentoo; Brad Spengler
>>claims this breaks nothing on Debian. On the other hand, this could
>>potentially squash the second m
On Mon, 07 Feb 2005 23:00:33 +0100, Lorenzo Hernández García-Hierro said:
> A sysctl can be a good option, creating a CTL_SECURITY and then
> registering stuff under it, but this requires to have the kernel hackers
> agree with implementing a new security su
On Mon, 07-02-2005 at 16:45 -0500, [EMAIL PROTECTED] wrote:
> On Mon, 07 Feb 2005 20:34:33 +0100, Lorenzo Hernández García-Hierro said:
>
> > But it's better to give users a "secure-by-default" status, at least on
> > those parts that don't affect ne
On Mon, 07 Feb 2005 20:34:33 +0100, Lorenzo Hernández García-Hierro said:
> But it's better to give users a "secure-by-default" status, at least on
> those parts that don't affect negatively the stability or the
> performance itself.
It's still policy, and
Chris Wright wrote:
> * Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
>
>>This patch adds two checks to do_follow_link() and sys_link(), to
>>prevent users from following (untrusted) symlinks owned by other users in
>>world-writable +t dire
* John Richard Moser ([EMAIL PROTECTED]) wrote:
> I've yet to see this break anything on Ubuntu or Gentoo; Brad Spengler
> claims this breaks nothing on Debian. On the other hand, this could
> potentially squash the second most prevalent security bug.
Yes I know, I've worked on distro with it as
* Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
> About what things it can break, I haven't noticed any issue on it (at
> least regarding grSecurity or OpenWall), but of course I would
> appreciate a lot any information on them, so, I could report to the
> developers that are currently
On Mon, 07-02-2005 at 11:12 -0800, Chris Wright wrote:
> * Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
> > This patch adds two checks to do_follow_link() and sys_link(), to
> > prevent users from following (untrusted) symlinks owned by other users in
> > world-writable +t directori
On Mon, 07-02-2005 at 14:14 -0500, [EMAIL PROTECTED] wrote:
> On Mon, 07 Feb 2005 19:57:06 +0100, Lorenzo Hernández García-Hierro said:
>
> > This patch adds two checks to do_follow_link() and sys_link(), to
> > prevent users from following (untrusted) s
On Mon, 07 Feb 2005 19:57:06 +0100, Lorenzo Hernández García-Hierro said:
> This patch adds two checks to do_follow_link() and sys_link(), to
> prevent users from following (untrusted) symlinks owned by other users in
> world-writable +t directories (i.e. /tmp),
* Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
> This patch adds two checks to do_follow_link() and sys_link(), to
> prevent users from following (untrusted) symlinks owned by other users in
> world-writable +t directories (i.e. /tmp), unless the owner of the
> symlink is the owner of the
Hi,
This patch adds two checks to do_follow_link() and sys_link(), to
prevent users from following (untrusted) symlinks owned by other users in
world-writable +t directories (i.e. /tmp), unless the owner of the
symlink is the owner of the directory, users will also not be able to
hardlink to files the
14 matches