On Wed, Mar 13, 2013 at 2:55 PM, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote:
>
> I apologize for the ignorance - but what do these _do_.
>
> (please don't say they protect your hardlinks and symlinks) - I mean
> what does 'protected' mean in this context.

It's an fs-level implementation of Apache's SymlinksIfOwnerMatch. It
closes a number of vulnerabilities, such as taking advantage of
insecure tempfile handling (you think you're writing to
/tmp/myapp.debug, but a malicious symlink points that to
/etc/somethingoranother).

I agree that we should turn this on by default.

Best,
--
Konstantin Ryabitsev
LinuxFoundation.org
Montréal, Québec
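
Added example, not part of the message above and not kernel code: a small C audit helper that models the owner-match rule the reply describes, as the Linux kernel documents it for the protected-symlinks setting when enabled. The function names `may_follow_link` and `check_symlink` are hypothetical, and the uids used with them are constructed.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <libgen.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Documented rule with the protection enabled: a symlink is followed unless
 * it sits in a sticky, world-writable directory AND its owner is neither
 * the follower nor the owner of that directory. */
bool may_follow_link(mode_t dir_mode, uid_t dir_uid, uid_t link_uid, uid_t follower_uid)
{
    const mode_t sticky_ww = S_ISVTX | S_IWOTH;
    if (follower_uid == link_uid)
        return true;                    /* following your own link */
    if ((dir_mode & sticky_ww) != sticky_ww)
        return true;                    /* not a /tmp-style directory */
    return dir_uid == link_uid;         /* link placed by the directory owner */
}

/* Audit one on-disk symlink for a given follower uid.
 * Returns 1 = would be followed, 0 = refused, -1 = error or not a symlink. */
int check_symlink(const char *link_path, uid_t follower_uid)
{
    struct stat ls, ds;
    char buf[PATH_MAX];
    if (strlen(link_path) >= sizeof buf) return -1;
    if (lstat(link_path, &ls) != 0 || !S_ISLNK(ls.st_mode)) return -1;
    strcpy(buf, link_path);             /* dirname() may modify its argument */
    if (stat(dirname(buf), &ds) != 0) return -1;
    return may_follow_link(ds.st_mode, ds.st_uid, ls.st_uid, follower_uid);
}

/* Usage: ./a.out <symlink-path> <follower-uid> */
int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s LINK UID\n", argv[0]); return 2; }
    int r = check_symlink(argv[1], (uid_t)strtoul(argv[2], NULL, 10));
    puts(r == 1 ? "followed" : r == 0 ? "refused" : "error or not a symlink");
    return r < 0;
}
```

For the tempfile case in the message, a root-owned directory with mode 1777, a link owned by another user and a different follower uid yield "refused", so the write never reaches the link's target.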