From: "Mike Pagano"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano"
Message-ID: <1645918120.fbd9a85dba3daa04f88e84e68147cd7830b03c4c.mpagano@gentoo>
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
X-VCS-Repository: proj/linux-patches
X-VCS-Files: 1510_fs-enable-link-security-restrictions-by-default.patch
X-VCS-Directories: /
X-VCS-Committer: mpagano
X-VCS-Committer-Name: Mike Pagano
X-VCS-Revision: fbd9a85dba3daa04f88e84e68147cd7830b03c4c
X-VCS-Branch: 4.14
Date: Sat, 26 Feb 2022 23:30:05 +0000 (UTC)
List-Id: Gentoo Linux mail

commit: fbd9a85dba3daa04f88e84e68147cd7830b03c4c
Author: Mike Pagano gentoo org>
AuthorDate: Sat Feb 26 23:28:40 2022 +0000
Commit: Mike Pagano gentoo org>
CommitDate: Sat Feb 26 23:28:40 2022 +0000
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=fbd9a85d

Update default security restrictions

Bug: https://bugs.gentoo.org/834085

Signed-off-by: Mike Pagano gentoo.org>

 1510_fs-enable-link-security-restrictions-by-default.patch | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch b/1510_fs-enable-link-security-restrictions-by-default.patch index 8bfb36c1..1b3e590d 100644 --- a/1510_fs-enable-link-security-restrictions-by-default.patch +++ b/1510_fs-enable-link-security-restrictions-by-default.patch 
@@ -1,13 +1,17 @@ ---- a/fs/namei.c 2018-12-01 11:30:07.672594412 -0500 -+++ b/fs/namei.c 2018-12-01 11:30:58.772816410 -0500 -@@ -902,8 +902,8 @@ static inline void put_link(struct namei +--- a/fs/namei.c 2022-01-09 17:55:34.000000000 -0500 ++++ b/fs/namei.c 2022-02-26 11:32:31.832844465 -0500 +@@ -1020,10 +1020,10 @@ static inline void put_link(struct namei path_put(&last->link); } -int sysctl_protected_symlinks __read_mostly = 0; -int sysctl_protected_hardlinks __read_mostly = 0; +-int sysctl_protected_fifos __read_mostly; +-int sysctl_protected_regular __read_mostly; +int sysctl_protected_symlinks __read_mostly = 1; +int sysctl_protected_hardlinks __read_mostly = 1; - int sysctl_protected_fifos __read_mostly; - int sysctl_protected_regular __read_mostly; ++int sysctl_protected_fifos __read_mostly = 1; ++int sysctl_protected_regular __read_mostly = 1; + /** + * may_follow_link - Check symlink following for unsafe situations
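Review bot: The new defaults for sysctl_protected_fifos and sysctl_protected_regular in the embedded fs/namei.c hunk are not documented anywhere. The commit message says only "Update default security restrictions", and the patch file still opens directly at "--- a/fs/namei.c" with no description header. Since this is a default-behaviour change on the 4.14 branch, add a short header to the .patch that names all four sysctls set to 1 and links the bug, and consider whether the file name, which mentions only link restrictions, should be widened to match. Separately, the embedded hunk header moves from "-902,8 +902,8" to "-1020,10 +1020,10" within the same 4.14 branch, so it is worth confirming that the refreshed hunk applies to the 4.14 fs/namei.c at that position rather than relying on an offset.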