* Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote: > This patch adds two checks to do_follow_link() and sys_link(), for > prevent users to follow (untrusted) symlinks owned by other users in > world-writable +t directories (i.e. /tmp), unless the owner of the > symlink is the owner of the directory, users will also not be able to > hardlink to files they do not own. > > The direct advantage of this pretty simple patch is that /tmp races will > be prevented.
The disadvantage is that it can break things and places policy in the kernel. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/