https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c2
Marcus Meissner changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |meissner@suse.com,
| |security-team@suse.de
--- Comment #2 from Marcus Meissner 2014-05-02 10:58:54 UTC ---
It is actually the new kernel symlink protection triggering, and not AppArmor.
/usr/include/linux/audit.h:#define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */
Linux kernel Documentation/sysctl/fs.txt:
protected_symlinks:
A long-standing class of security issues is the symlink-based
time-of-check-time-of-use race, most commonly seen in world-writable
directories like /tmp. The common method of exploitation of this flaw
is to cross privilege boundaries when following a given symlink (i.e. a
root process follows a symlink belonging to another user). For a likely
incomplete list of hundreds of examples across the years, please see:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
When set to "0", symlink following behavior is unrestricted.
When set to "1" symlinks are permitted to be followed only when outside
a sticky world-writable directory, or when the uid of the symlink and
follower match, or when the directory owner matches the symlink's owner.
This protection is based on the restrictions in Openwall and grsecurity.