Date: Sun, 8 Jan 2012 09:53:38 -0800
From: Kees Cook <>
To: Matthew Wilcox <>
Cc: Andrew Morton <>,, 
	Alexander Viro <>, Rik van Riel <>, 
	Federica Teodori <>, 
	Lucian Adrian Grijincu <>, Ingo Molnar <>, 
	Peter Zijlstra <>, Eric Paris <>, 
	Randy Dunlap <>, Dan Rosenberg <>,,,
Subject: Re: [PATCH v2012.2] fs: symlink restrictions on sticky directories

On Sun, Jan 8, 2012 at 3:44 AM, Matthew Wilcox <> wrote:
> On Sat, Jan 07, 2012 at 10:55:48AM -0800, Kees Cook wrote:
>> v2012.2:
>>  - Change sysctl mode to 0600, suggested by Ingo Molnar.
>>  - Rework CONFIG logic to split code from default behavior.
>>  - Renamed sysctl to have a "sysctl_" prefix, suggested by Andrew Morton.
>
> All the sysctl / CONFIG logic seems very complex.  Why not make it
> a module parameter instead?  It can be easily changed at boot time
> (specify kernel.insecure_symlinks=1 on the kernel command line) and,
> with a mode of 0600, can be modified at runtime too.

Well, I'll still need a CONFIG for the code itself, and the normal way
to tweak kernel operation is via sysctls, so I'd rather not switch to
cmdline options.


Kees Cook
ChromeOS Security
