aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-10-26 13:05:07 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-26 13:05:07 -0400
commit561ec64ae67ef25cac8d72bb9c4bfc955edfd415 (patch)
treeb18cc05a8fb8375a1d2788821f5894d2cdcfd117 /fs
parent22e978f1f27dc0c9c20f42f0483d374b7a6d781e (diff)
VFS: don't do protected {sym,hard}links by default
In commit 800179c9b8a1 ("This adds symlink and hardlink restrictions to the Linux VFS"), the new link protections were enabled by default, in the hope that no actual application would care, despite it being technically against legacy UNIX (and documented POSIX) behavior. However, it does turn out to break some applications. It's rare, and it's unfortunate, but it's unacceptable to break existing systems, so we'll have to default to legacy behavior. In particular, it has broken the way AFD distributes files, see http://www.dwd.de/AFD/ along with some legacy scripts. Distributions can end up setting this at initrd time or in system scripts: if you have security problems due to link attacks during your early boot sequence, you have bigger problems than some kernel sysctl setting. Do: echo 1 > /proc/sys/fs/protected_symlinks echo 1 > /proc/sys/fs/protected_hardlinks to re-enable the link protections. Alternatively, we may at some point introduce a kernel config option that sets these kinds of "more secure but not traditional" behavioural options automatically. Reported-by: Nick Bowler <nbowler@elliptictech.com> Reported-by: Holger Kiehl <Holger.Kiehl@dwd.de> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org # v3.6 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/namei.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/namei.c b/fs/namei.c
index d1895f308156..937f9d50c84b 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -705,8 +705,8 @@ static inline void put_link(struct nameidata *nd, struct path *link, void *cooki
705 path_put(link); 705 path_put(link);
706} 706}
707 707
708int sysctl_protected_symlinks __read_mostly = 1; 708int sysctl_protected_symlinks __read_mostly = 0;
709int sysctl_protected_hardlinks __read_mostly = 1; 709int sysctl_protected_hardlinks __read_mostly = 0;
710 710
711/** 711/**
712 * may_follow_link - Check symlink following for unsafe situations 712 * may_follow_link - Check symlink following for unsafe situations