The long road to a fix for CVE-2021-20316
The long road to a fix for CVE-2021-20316
Posted Feb 11, 2022 14:27 UTC (Fri) by nix (subscriber, #2304)In reply to: The long road to a fix for CVE-2021-20316 by rgmoore
Parent article: The long road to a fix for CVE-2021-20316
Well, that's why the whole thing is optional (controlled via a flag in /proc/sys/fs). There are *already* flags in /proc/sys/fs that tweak symlink behaviours: this is just another one. (Actually, this is just a variant of what protected_symlinks == 1 already provides. I'm not sure why that's not enough.)