On Tue, Jan 25, 2005 at 09:04:15PM +0100, nordi wrote:
Hi list!
I've ported the hardlink/symlink protection of the grsecurity patch to Suse's 2.6 kernels. My patch makes it considerable harder (and sometimes impossible) to exploit insecure handling of files in /tmp. Additionally it prevents some other annoying things that an attacker could do with hard/symlinks. The patch, more details and install instructions can be found on my website (http://private.addcom.de/nordi/). Feedback is welcome!
The patch is very small and non-intrusive. The slightly changed handling of links should(!) not break existing software. At least I've been using this patch myself on a Suse 9.1 and a 9.2 machine for a couple of weeks now and haven't seen anything break that wasn't broken before ;)
Try to get it in upstream kernel. Good luck ;) You should probably rename the 2 new functions before to a name that matches what they do. Btw, there is a nice thread of grsecurity merge to mainline (with lot of flamage) going on currently. So you might find a bees nest :/ Ciao, Marcus