https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c2

Marcus Meissner <meissner@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |meissner@suse.com,
                   |                            |security-team@suse.de

--- Comment #2 from Marcus Meissner <meissner@suse.com> 2014-05-02 10:58:54 UTC ---

It is actually the new kernel symlink protection triggering, and not AppArmor.

/usr/include/linux/audit.h:#define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */

Linux Kernel Documentation/sysctl/fs.txt:

protected_symlinks:

A long-standing class of security issues is the symlink-based
time-of-check-time-of-use race, most commonly seen in world-writable
directories like /tmp. The common method of exploitation of this flaw
is to cross privilege boundaries when following a given symlink (i.e. a
root process follows a symlink belonging to another user). For a likely
incomplete list of hundreds of examples across the years, please see:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp

When set to "0", symlink following behavior is unrestricted.

When set to "1" symlinks are permitted to be followed only when outside a
sticky world-writable directory, or when the uid of the symlink and
follower match, or when the directory owner matches the symlink's owner.

This protection is based on the restrictions in Openwall and grsecurity.