Claudio Freire wrote:
On Mon, Mar 31, 2014 at 4:42 PM, Linda Walsh <suse@tlinx.org> wrote:
In short, the joining of the partitions has already caused broken security workarounds to go into the kernel (that still need to be fixed), and is in the process of requiring system utils and applications to invent workarounds for the security implications -- that themselves cause their own set of security issues that will need more patches, and likely cause more rounds.
Have you at least googled the issue?
The security hole was pre-existing, and its introduction has nothing to do with partitioning (unless you plan to make one partition per user?).
No, it wasn't. The first and main issue was:( from https://lwn.net/Articles/482544/) On systems that have user-writable directories on the same partition as system files, a long-standing class of security issues is the hardlink-based time-of-check-time-of-use race, most commonly seen in world-writable directories like /tmp. Putting system files on separate partitions was a way of preventing the main exploits. Another more arcane case of setUID/GID files would be better served by disallowing that specific case if the user was not in the user(SUID) or group(SGID). Or do you have another situation not documented ? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org