Package: src:linux
Version: 3.2.41-2
Severity: normal

Hi,

I think that the new security feature to restrict hardlinks is a great idea, but it is also causing me problems. In debian-cd, we rely on the ability to make hardlinked copies of files from a debian mirror into temporary disk trees. Since upgrading pettersson (the CD build box), this broke due to the default protected_hardlinks setting. On that system:

 * we have a push mirror setup using the "archvsync" user;
 * we build CDs as the "debian-cd" user

These two user accounts explicitly don't share credentials: archvsync can be triggered remotely so we don't trust it to be directly involved in the CD build process. The debian-cd user explicitly does not have write access to the mirror area on the machine, so as to ensure we can't/don't make any changes to the mirror when building CDs.

For now, on that system we have changed the default settings via /proc but it's not a real solution for us and DSA don't want to do it permanently. I can see a few ways that we could change things:

 * run things using the same account (not wanted, as described above)
 * share a group between the users and make everything group-writable (ditto)
 * come up with a fakelink ld_preload lib like we have fakeroot (eww)

Alternatively, I'm pondering: if the main thrust of the hardlink protection is to prevent attacks against system files, then it might make more sense to change protected_hardlinks to be a per-filesystem mount option. By all means protect the root filesystem etc., but for a purely data-carrying filesystem it's a bit obstructive.

What do you think?

-- 
Steve McIntyre, Cambridge, UK. [email protected]
Google-bait: http://www.debian.org/CD/free-linux-cd
Debian does NOT ship free CDs. Please do NOT contact the mailing lists asking us to send them to you.
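
The check that produces the failure described in the report, as an added example that is not part of the original message or of debian-cd: a Python model of how the kernel decides whether a file may be the source of a hardlink when fs.protected_hardlinks is 1, plus a walker that lists the files in a tree the current user would be refused. The rules encoded are the upstream kernel's behaviour for this sysctl (background, not stated in the report); the function names are hypothetical.

```python
import os
import stat

SYSCTL = "/proc/sys/fs/protected_hardlinks"

def protection_enabled(path=SYSCTL):
    """True if fs.protected_hardlinks reads 1; False if 0 or the file is absent."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return False

def link_allowed(mode, owner_uid, caller_uid, can_read, can_write,
                 protected=True, cap_fowner=False):
    """Model the kernel's check on the *source* inode of link(2)."""
    if not protected or cap_fowner or owner_uid == caller_uid:
        return True
    if not stat.S_ISREG(mode):                      # special files are never "safe"
        return False
    if mode & stat.S_ISUID:                         # setuid source
        return False
    if (mode & stat.S_ISGID) and (mode & stat.S_IXGRP):  # setgid + group-exec
        return False
    return can_read and can_write                   # needs read AND write access

def blocked_sources(tree, caller_uid, protected=True):
    """List files under `tree` that caller_uid could not hardlink.
    os.access() checks the real uid/gid, so run this as the linking user."""
    blocked = []
    for root, _dirs, files in os.walk(tree):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            reg = stat.S_ISREG(st.st_mode)
            r = reg and os.access(path, os.R_OK)
            w = reg and os.access(path, os.W_OK)
            if not link_allowed(st.st_mode, st.st_uid, caller_uid, r, w, protected):
                blocked.append(path)
    return sorted(blocked)

if __name__ == "__main__":
    import sys
    tree = sys.argv[1] if len(sys.argv) > 1 else "."
    for p in blocked_sources(tree, os.getuid(), protection_enabled()):
        print("would be refused:", p)
```

Run as the account that creates the links, against the mirror path, to see which sources are refused before a build starts.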

