Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sat, 13 Apr 2002 13:02:37 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sat, 13 Apr 2002 13:02:36 -0400 Received: from h52544c185a20.ne.client2.attbi.com ([24.147.41.41]:28170 "EHLO luna.pizzashack.org") by vger.kernel.org with ESMTP id ; Sat, 13 Apr 2002 13:02:34 -0400 Date: Sat, 13 Apr 2002 13:02:33 -0400 From: xystrus To: linux-kernel@vger.kernel.org Subject: Re: link() security Message-ID: <20020413130233.A4743@pizzashack.org> Mail-Followup-To: linux-kernel@vger.kernel.org In-Reply-To: <20020411181524.A1463@figure1.int.wirex.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.22.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Apr 13, 2002 at 05:59:54PM +0100, Alan Cox wrote: > > http://openwall.com. Work based on Solar Designer's Openwall patch has > > been brought forward to more recent 2.4 and 2.5 kernels. Both the > > following projects implement the Openwall secure link feature: > > > > http://grsecurity.net > > http://lsm.immunix.org > > > > This can break some applications that make assumptions wrt. link(2) > > (Courier MTA for example). > > How practical is it to make this a mount option and to do so cleanly ? Perhaps two options: one to allow creation of the link only when the UIDs match; and the other to allow the link when GIDs match, to keep Courier happy? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/