The long road to a fix for CVE-2021-20316
Posted Feb 13, 2022 18:23 UTC (Sun) by khim (subscriber, #9252)
In reply to: The long road to a fix for CVE-2021-20316 by mathstuf
Parent article: The long road to a fix for CVE-2021-20316
> Wouldn't this make analysis harder? That is, would root follow arbitrary symlinks?
Root would follow only root-created symlinks. Everyone else would also follow root-created symlinks. Everyone else would just follow their own symlinks.
It's actually an interesting idea. Would need to see how many packages would break, but this wouldn't affect things like git (people rarely use unix permissions in the middle of git repos) while most distro-provided system symlinks would work.
I think there are some container solutions which use per-app UID (like on Android), would need to decide what to do about these.
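The ownership rule proposed in the comment above, modeled in userspace as an added example (not code from the thread, the article, or any kernel patch). The names `may_follow`, `resolve`, `SymlinkRefused` and `MAX_LINKS` are hypothetical, and the sample symlink is constructed in a temporary directory.

```python
import os
import stat
import tempfile

MAX_LINKS = 40  # loop guard; the value is an assumption of this sketch

class SymlinkRefused(Exception):
    pass

def may_follow(link_uid, caller_uid):
    # Root-owned links are followed by everyone; any other link only by its
    # owner, which also means root follows only root-owned links.
    return link_uid == 0 or link_uid == caller_uid

def resolve(path, caller_uid):
    # Userspace model of the policy, not race-free enforcement: the lstat()
    # and any later use of the result are separate steps.
    pending = [c for c in os.path.abspath(path).split(os.sep) if c][::-1]
    current, followed = os.sep, 0
    while pending:
        name = pending.pop()
        if name == ".":
            continue
        if name == "..":
            current = os.path.dirname(current)
            continue
        candidate = os.path.join(current, name)
        st = os.lstat(candidate)
        if not stat.S_ISLNK(st.st_mode):
            current = candidate
            continue
        followed += 1
        if followed > MAX_LINKS or not may_follow(st.st_uid, caller_uid):
            raise SymlinkRefused(candidate)
        target = os.readlink(candidate)
        if os.path.isabs(target):
            current = os.sep
        pending.extend(c for c in reversed(target.split(os.sep)) if c)
    return current

def demo():
    # Constructed sample: a symlink created by (and owned by) the caller.
    me = os.geteuid()
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "real"))
        link = os.path.join(d, "link")
        os.symlink("real", link)
        own = os.path.basename(resolve(link, me))
        try:
            resolve(link, me + 1)  # a different, non-owner uid
            other = "followed"
        except SymlinkRefused:
            other = "refused"
    return own, other
```

When the demo runs as root the link is root-owned, so the second lookup follows it too, which is the "everyone follows root-created symlinks" half of the rule.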
Posted Feb 13, 2022 19:02 UTC (Sun)
by mjg59 (subscriber, #23239)
The long road to a fix for CVE-2021-20316