|
| From: | Bernhard Voelker |
| Subject: | Re: cp, ln, mv, install: check for vulnerable target directories |
| Date: | Wed, 20 Sep 2017 08:36:52 +0200 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 |
On 09/20/2017 07:32 AM, Pádraig Brady wrote: > I'd be more inclined > to have another kernel value for /proc/sys/fs/protected_symlinks > that also provided the protection to non sticky dirs? I'm also worried about compatibility here: the user will be confused why cp, mv etc from coreutils are not 'just working' anymore ... he will try -f first, and then simply use something else (rsync, whatever). So the flag on kernel level seems the right place to me to prevent this issue. Have a nice day, Berny
| [Prev in Thread] | Current Thread | [Next in Thread] |