Re: Enabling hardlink restrictions to the Linux VFS in 3.6 by default

From:  Linus Torvalds <torvalds-AT-linux-foundation.org>
To:  Holger Kiehl <Holger.Kiehl-AT-dwd.de>
Subject:  Re: Enabling hardlink restrictions to the Linux VFS in 3.6 by default
Date:  Fri, 26 Oct 2012 10:22:32 -0700
Message-ID:  <CA+55aFx+nKJmtmRNXeG1AcSHD1g_6qQwTZuNreFnp0dSSun+ZA@mail.gmail.com>
Cc:  linux-kernel <linux-kernel-AT-vger.kernel.org>, Nick Bowler <nbowler-AT-elliptictech.com>, Kees Cook <keescook-AT-chromium.org>, Ingo Molnar <mingo-AT-elte.hu>, Andrew Morton <akpm-AT-linux-foundation.org>, Al Viro <viro-AT-zeniv.linux.org.uk>, Alan Cox <alan-AT-lxorguk.ukuu.org.uk>, "Theodore Ts'o" <tytso-AT-mit.edu>

On Thu, Oct 25, 2012 at 5:13 AM, Holger Kiehl <Holger.Kiehl@dwd.de> wrote:
>
> as of linux 3.6 hardlink restrictions to the Linux VFS have been enabled
> by default. This breaks the application AFD [1] of which I am the author.

Ok, we had a previous report of breakage, but that was just local
scripting. Since that was just a single user (Nick Bowler), and he was
ok with just fixing his setup, I let it go, waiting to see if anybody
else reacted.

There may well have been other users that had odd breakage, but didn't
realize what the cause was.

Regardless, clearly this does break things, and as such needs to be
undone. We do not cause regressions that people notice in the kernel.

So I've defaulted these things to off, and marked it for stable. See
commit 561ec64ae67e ("VFS: don't do protected {sym,hard}links by
default"). Either distributions can enable it with some security
setting (along with the other security things they do, like the whole
selinux thing), or we might at some future date make some config
option for "boot up in hard-*ss mode that may break things", but for
now we clearly cannot enable it by default.

I've added people from the original commit and the previous discussion
to the cc, and marked the commit for stable too.

  Thanks,
              Linus
