The long road to a fix for CVE-2021-20316

Posted Feb 19, 2022 17:10 UTC (Sat) by Jandar (subscriber, #85683)
In reply to: The long road to a fix for CVE-2021-20316 by jra
Parent article: The long road to a fix for CVE-2021-20316

> Windows has admin-only created symlinks.

Marvelous, a kind of symlink a user can't use. What comes next, only admin approved (*) programs can create executables? Doubtless it would be a security enhancement if no executable memory-mapping could contain bytes generated by an arbitrary program.

Most symlinks I use or encounter are made by users within their own directories pointing into other parts of their own space.

* The mainframe I used at university had such a concept. IIRC only an admin at the console could set the compiler-permission.

The long road to a fix for CVE-2021-20316

Posted Feb 21, 2022 0:38 UTC (Mon) by Fowl (subscriber, #65667) [Link] (1 responses)

Well, yeah. This is how many corporate managed devices, and all iOS and Android devices work.

The long road to a fix for CVE-2021-20316

Posted Feb 22, 2022 16:56 UTC (Tue) by Jandar (subscriber, #85683) [Link]

> This is how many corporate managed devices, and all iOS and Android devices work.

And this is why an Android device even with a Linux kernel doesn't provide a very Unix like experience.

If my desktop, laptop or servers would restrict me in the same way as an Android device I would immediately switch the distribution or to something more different like one of the BSDs.