Kees Cook <kees.cook@xxxxxxxxxxxxx> writes:
> +
> +config SECURITY_YAMA_SYMLINKS
> + bool "Yama: protect symlink following in sticky world-writable
> dirs"
IMHO it's bad style to have CONFIGs that just set defaults,
if that can be done at runtime too. Especially as in your case if it's
a lot of settings. Is it that bad to have a init script and drop these
CONFIGs?
However the help texts are useful, these should be in the sysctl
documentatin in Documentation instead.
> + if (rc) {
> + printk_ratelimited(KERN_INFO "ptrace of non-child"
> + " pid %d was attempted by: %s (pid %d)\n",
> + child->pid, get_task_comm(name, current),
> + current->pid);
It's probably obscure and other kernel code has this too, but at some point
there were attacks to use terminal ESC sequences to attack root's
terminal when they dmesg. Couldn't that be done through "comm" here?
At least the other code who has this problem doesn't claim to enhance
security :)
-Andi
--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
