Summary: | Enable protected_symlinks/protected_hardlinks by default in baselayout/sysctl.conf | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno>
Component: | Default Configs | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | enhancement | CC: | base-system, bugzie, ua_gentoo_bugzilla, williamh
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 737664 | |
Bug Blocks: | | |
Description
Hanno Böck
2020-01-07 08:50:55 UTC
I tend to agree that baselayout is the better place for this. I will leave the bug here however for a few days to give people time to propose other options. If nothing else has been proposed by the weekend, I will release a new baselayout that enables these by default.

Setting these sysctls is probably a good idea. The reason upstream hasn't done it is because it breaks POSIX. But let's not pretend that it fixes the vulnerabilities in opentmpfiles. It turns the trivial exploit in issue #3 into a race condition, and it has no effect on issue #4.

The modern way to implement this would be a snippet installed in /usr/lib/sysctl.d rather than adding them to /etc/sysctl.conf.

I plan to do a new baselayout release this weekend that fixes this.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/baselayout.git/commit/?id=14c91b2c9dc77d6fc81746b999b92187bd9cac82

commit 14c91b2c9dc77d6fc81746b999b92187bd9cac82
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-02-10 01:47:40 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-02-10 04:12:03 +0000

    enable protected_symlinks and protected_hardlinks by default

    Bug: https://bugs.gentoo.org/704914
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 etc.Linux/sysctl.d/00protected-links.conf |  2 ++
 etc.Linux/sysctl.d/README                 | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

baselayout 2.7 contains this fix.
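To make concrete what the two sysctls being enabled here actually restrict, the following is an added Python model of the kernel's symlink-following and hardlink-creation checks (after may_follow_link() and may_linkat() in fs/namei.c); it is not code from this bug or from baselayout, and the `Inode` structure and simplified DAC check are assumptions for illustration.

```python
"""Model of the checks enabled by fs.protected_symlinks / fs.protected_hardlinks.
Added example, not from baselayout; Inode is a simplified stand-in (uid, gid, st_mode)."""
import stat
from dataclasses import dataclass


@dataclass
class Inode:
    uid: int
    gid: int
    mode: int  # full st_mode, file-type bits included


def _has_rw(inode: Inode, uid: int, gid: int) -> bool:
    """Simplified DAC check: caller needs both read and write on the inode."""
    if uid == 0:
        return True
    if uid == inode.uid:
        bits = (inode.mode >> 6) & 0o7
    elif gid == inode.gid:
        bits = (inode.mode >> 3) & 0o7
    else:
        bits = inode.mode & 0o7
    return (bits & 0o6) == 0o6


def may_follow_link(link: Inode, parent: Inode, fsuid: int, protected_symlinks: int) -> bool:
    """True if a process with `fsuid` may follow symlink `link` found in directory `parent`."""
    if not protected_symlinks:
        return True
    if fsuid == link.uid:                       # owner and follower match
        return True
    sticky_ww = stat.S_ISVTX | stat.S_IWOTH
    if (parent.mode & sticky_ww) != sticky_ww:  # only sticky world-writable dirs (e.g. /tmp) are restricted
        return True
    return parent.uid == link.uid               # directory owner and link owner match


def may_linkat(src: Inode, fsuid: int, fsgid: int, protected_hardlinks: int,
               cap_fowner: bool = False) -> bool:
    """True if the caller may create a hard link pointing at `src`."""
    if not protected_hardlinks or fsuid == src.uid or cap_fowner:
        return True
    if not stat.S_ISREG(src.mode):              # special files must not be pinned
        return False
    if src.mode & stat.S_ISUID:                 # setuid files must not be pinned
        return False
    if (src.mode & (stat.S_ISGID | stat.S_IXGRP)) == (stat.S_ISGID | stat.S_IXGRP):
        return False                            # nor setgid executables
    return _has_rw(src, fsuid, fsgid)           # otherwise read+write access is required
```

Note that the symlink check only applies inside sticky world-writable directories and only compares owners; it does not change what a privileged process does once a link has been followed, which is why it narrows rather than removes the window for the opentmpfiles issues discussed above.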