[PATCH] UBUNTU: SAUCE: fs: block cross-uid sticky symlinks
Kees Cook
kees.cook at canonical.com
Fri May 21 17:10:29 UTC 2010
Hi Tim,
On Fri, May 21, 2010 at 07:43:48AM -0600, Tim Gardner wrote:
> Are you proposing this for Lucid?
Not presently. I was intending this for maverick only, but if there are no
problems, I may consider asking for an SRU, but that will be some time from
now.
> The code looks fine, but I'm not familiar enough with file system
> semantics to comment on cap_inode_follow_link().
If this turns out to be the wrong place, I can easily move it into the
callers of cap_inode_follow_link(), but since there were multiple callers,
using this location seemed the most efficient.
> However, it's an easily tested patch.
To that end, I have a test script for this here:
http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/annotate/head:/scripts/test-kernel-hardening.py
--
Kees Cook
Ubuntu Security Team