[opensuse] Testing symlink protection in Kernel 3.6?
Hello,

I installed the 3.6 Kernel update from download.opensuse.org/repositories/Kernel:/stable/standard/. I'd like to check if the symlink protection of Kernel 3.6 is working.

The symlink protection seems to be enabled by default. Anyway, I can use symlinks in /tmp like before without many limitations. Is this the expected behavior?

# uname -r
3.6.0-2-desktop
# cat /proc/sys/fs/protected_symlinks
1
# cat /proc/sys/fs/protected_hardlinks
1
# ln -sv /usr/bin /tmp/usrbin
‘/tmp/usrbin’ -> ‘/usr/bin’
# l /tmp/usrbin
lrwxrwxrwx 1 root root 8 Oct 10 10:23 /tmp/usrbin -> /usr/bin/
# l /tmp/usrbin/sudo
-rwsr-xr-x 1 root root 121240 Jul 16 14:57 /tmp/usrbin/sudo*
# ls -ld /tmp
drwxrwxrwt 47 root root 57344 Oct 10 10:23 /tmp
# /tmp/usrbin/sudo -V
Sudo version 1.8.5p2
[...]

The only limitation I found is that the listing of symlinked directories is disabled if the UIDs do not match:

# su -s /bin/bash mail
# id
uid=8(mail) gid=12(mail) groups=12(mail)
# ln -sv /usr/bin /tmp/usrbin2
‘/tmp/usrbin2’ -> ‘/usr/bin’
# exit
# id
uid=0(root) gid=0(root) groups=0(root)
# ls -l /tmp/usrbin2
lrwxrwxrwx 1 mail mail 8 Oct 10 10:35 /tmp/usrbin2 -> /usr/bin
# ls -l /tmp/usrbin2/
ls: cannot access /tmp/usrbin2/: Permission denied
# echo hello > /tmp/usrbin2/abc
# cat /tmp/usrbin2/abc
hello
# rm /tmp/usrbin2/abc

Björn
Bjoern Voigt
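
The ownership rule that the kernel documentation gives for fs.protected_symlinks, evaluated for the two symlinks in the message above. This is an added example, not part of the original post; the function names are hypothetical and the UID values are taken from the session shown. It models only the documented rule (sticky world-writable directory, follower UID, symlink owner, directory owner), not which path components the kernel applies the check to.

```python
import os
import stat


def follow_allowed(dir_mode, dir_uid, link_uid, follower_uid, protected=True):
    """Return True if the documented protected_symlinks rule permits the follow.

    A symlink may be followed when it is outside a sticky world-writable
    directory, or the follower's UID matches the symlink owner, or the
    directory owner matches the symlink owner.
    """
    if not protected:
        return True
    sticky = bool(dir_mode & stat.S_ISVTX)
    world_writable = bool(dir_mode & stat.S_IWOTH)
    if not (sticky and world_writable):
        return True
    if follower_uid == link_uid:
        return True
    return dir_uid == link_uid


def sysctl_enabled(path="/proc/sys/fs/protected_symlinks"):
    """Read the sysctl; a missing file is treated as 'not protected'."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False


def predict(link_path, follower_uid, protected=None):
    """Apply the rule to a real symlink and the directory that contains it."""
    link = os.lstat(link_path)  # lstat: inspect the link, not its target
    if not stat.S_ISLNK(link.st_mode):
        raise ValueError(f"{link_path} is not a symlink")
    parent = os.stat(os.path.dirname(os.path.abspath(link_path)))
    if protected is None:
        protected = sysctl_enabled()
    return follow_allowed(parent.st_mode, parent.st_uid,
                          link.st_uid, follower_uid, protected)


if __name__ == "__main__":
    TMP_MODE, ROOT, MAIL = 0o41777, 0, 8  # drwxrwxrwt root-owned /tmp, as in the post
    # /tmp/usrbin: created by root, followed by root
    print("usrbin  followed by root:", follow_allowed(TMP_MODE, ROOT, ROOT, ROOT))
    # /tmp/usrbin2: created by mail, followed by root
    print("usrbin2 followed by root:", follow_allowed(TMP_MODE, ROOT, MAIL, ROOT))
```

Under this rule a symlink that root creates in a root-owned /tmp is never restricted, so exercising the protection needs a link owned by a user other than both the directory owner and the follower.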