On Sun, Mar 17, 2013 at 10:07 PM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:
> Kees Cook wrote:
>> AFD was a single specific program doing a very specific task and hardly
>> represents an "average workload". I remain extremely disappointed that the
>> default-on state was reverted. Ubuntu has had this feature enabled for
>> YEARS now, and it stopped quite a few exploits cold.
>
> Who knows what other applications this extremely surprising and incompatible
> change breaks?

BTW determining this accurately should be fairly doable[1]. Just look
for symlink() and link() calls (and recursively through wrapper APIs /
language bindings). These syscalls are fairly rare.
   Mirek

[1] Well, "fairly doable" when compared to the /tmp-on-tmpfs, which is
"just impossible". It's still man-weeks of work. Pragmatically
speaking, "It did not break Ubuntu" is not a QA technique that makes me
happy, but might be good enough anyway.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
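
A sketch of the audit described in the message above, for Python sources: find functions that call a link-creating primitive and then follow wrappers transitively. This is an added example, not code from the thread or from Fedora; the function names and the sample module are constructed, and matching calls by name alone is an assumption that over-approximates, so hits need manual review.

```python
import ast

# Standard-library calls that end in symlink(2)/link(2): os.symlink, os.link,
# pathlib's symlink_to and hardlink_to. Matched by name only (assumption).
PRIMITIVES = {"symlink", "link", "symlink_to", "hardlink_to"}

def called_names(func):
    """Names of everything called inside a function body."""
    names = set()
    for node in ast.walk(func):
        if isinstance(node, ast.Call):
            target = node.func
            if isinstance(target, ast.Attribute):
                names.add(target.attr)
            elif isinstance(target, ast.Name):
                names.add(target.id)
    return names

def link_creating_functions(source):
    """Return {function name: depth} for functions that reach a primitive.
    Depth 1 calls a primitive directly; depth n calls a depth n-1 wrapper."""
    tree = ast.parse(source)
    calls = {n.name: called_names(n) for n in ast.walk(tree)
             if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}
    found, frontier, depth = {}, set(PRIMITIVES), 1
    while frontier:
        # Functions not yet classified that call something found last round.
        frontier = {name for name, callees in calls.items()
                    if name not in found and callees & frontier}
        for name in frontier:
            found[name] = depth
        depth += 1
    return found

# Constructed sample module: one direct caller, two layers of wrappers,
# and one function that only removes a link.
SAMPLE = '''
import os
def publish(target, name):
    os.symlink(target, name)
def rotate(log):
    publish(log, log + ".current")
def nightly():
    rotate("/var/log/app.log")
def cleanup(path):
    os.unlink(path)
'''

if __name__ == "__main__":
    for name, depth in sorted(link_creating_functions(SAMPLE).items()):
        print(f"{name}: reaches symlink()/link() at depth {depth}")
```

The same fixed-point pass applies to other languages once a call graph is available; only the primitive list and the parser change.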