On 24.03.2013 04:08, Kevin Kofler wrote:
> Miloslav Trmač wrote:
>> BTW determining this accurately should be fairly doable[1]. Just look
>> for symlink() and link() calls (and recursively through wrapper APIs /
>> language bindings). These syscalls are fairly rare.
>
> That checks for PROGRAMS which run into this. It catches neither admin's
> custom scripts nor ln commands run directly by the users. Who knows on how
> many machines manually created symlinks point to inodes owned by different
> users?

maybe you guys should read what the protection does

how many directories except /tmp are world-writeable and have STICKY bit?

fs.protected_symlinks
symlinks to only be followed when outside a sticky world-writable directory

fs.protected_hardlinks
blocks hardlinks to other people's WORLD-READABLE files if you can't write to them
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
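An added example, not part of the original message: a read-only audit that answers the question raised above on a given machine by listing the sticky world-writable directories and, inside each, the symlinks that are not owned by the directory's owner. Those are the only links the symlink restriction can affect, since the kernel sysctl documentation also allows following when the follower owns the link or the directory owner owns it. The function names are hypothetical, and GNU `find` and `stat` are assumed.

```shell
#!/bin/sh
# Added example; function names are made up for illustration.
# Assumes GNU findutils/coreutils (find -maxdepth, stat -c).

# Print directories under $1 that are both sticky and world-writable
# (mode bits 1000 and 0002), without crossing filesystem boundaries.
sticky_world_writable_dirs() {
    find "$1" -xdev -type d -perm -1002 2>/dev/null
}

# Print symlinks directly inside directory $1 whose owner differs from
# the owner of the directory itself.
foreign_symlinks_in() {
    dir_uid=$(stat -c %u "$1") || return 1
    find "$1" -maxdepth 1 -type l ! -uid "$dir_uid" 2>/dev/null
}

# Print the current value of a fs.protected_* sysctl, or "unavailable"
# when the kernel does not expose it.
protection_state() {
    if [ -r "/proc/sys/fs/$1" ]; then
        cat "/proc/sys/fs/$1"
    else
        echo unavailable
    fi
}

# Report the sysctl state, then every affected directory and symlink.
audit() {
    for knob in protected_symlinks protected_hardlinks; do
        echo "fs.$knob = $(protection_state "$knob")"
    done
    sticky_world_writable_dirs "$1" | while IFS= read -r d; do
        echo "sticky world-writable: $d"
        foreign_symlinks_in "$d" | sed 's/^/  symlink not owned by dir owner: /'
    done
}

# Run the audit only when a root directory is given, e.g.: sh audit.sh /
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```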