From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C6318138346 for ; Tue, 7 Jan 2020 08:52:25 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 83660E08D9; Tue, 7 Jan 2020 08:52:21 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id ED163E08BD for ; Tue, 7 Jan 2020 08:52:20 +0000 (UTC) Received: from computer (unknown [IPv6:2a02:8109:8380:7e7e:b886:8d52:6199:3925]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: hanno) by smtp.gentoo.org (Postfix) with ESMTPSA id 3457734DE4E for ; Tue, 7 Jan 2020 08:52:18 +0000 (UTC) Date: Tue, 7 Jan 2020 09:52:15 +0100 From: Hanno =?UTF-8?B?QsO2Y2s=?= To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Vanilla sources Message-ID: <20200107095215.189098c7@computer> In-Reply-To: <4dbeee024f04b343fa370ae62453b4b5c727f42c.camel@gentoo.org> References: <3197490.ugo6OjCCXa@daneel.sf-tec.de> <1794534.0xJHuh4lKC@crazyhorse> <19015309.XG3PSQ8cOu@daneel.sf-tec.de> <5537134e-0412-862d-e105-94c678229b46@gentoo.org> <2dd351b3-0f71-4960-ffde-2f5a99ab161d@gentoo.org> <9b48db99-19dc-617b-c0d4-ffa0216b43be@gentoo.org> <20200104083859.6e82fd4d@computer> <4dbeee024f04b343fa370ae62453b4b5c727f42c.camel@gentoo.org> X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/ppsFv306U4pVudKCk3EdKug"; protocol="application/pgp-signature"; micalg=pgp-sha256 X-Archives-Salt: 0ccff393-a490-423e-8206-9921edc899fe X-Archives-Hash: eb962cd54a258a17047ab346c37f8d59 --Sig_/ppsFv306U4pVudKCk3EdKug Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Sat, 04 Jan 2020 19:41:21 +0100 Micha=C5=82 G=C3=B3rny wrote: > On Sat, 2020-01-04 at 08:38 +0100, Hanno B=C3=B6ck wrote: > > On Fri, 3 Jan 2020 15:48:54 +0100 > > Toralf F=C3=B6rster wrote: > > =20 > > > # Restrict potential illegal access via links > > > #=20 > > > fs.protected_hardlinks =3D 1 > > > fs.protected_symlinks =3D 1 =20 > >=20 > > Given the issues with openrc: > > Wouldn't it be a good idea to add these by default to Gentoo's > > sysctl.conf in baselayout? =20 >=20 > Yes, we should. This really sounds like some horror where developers > are hacking things around in sources instead of communicating with > people maintaining the component where a proper fix belongs. I created a bug for this so we can move the discussion there: https://bugs.gentoo.org/704914 Particularly if anyone thinks this is a bad idea or knows of a situation where this breaks things please speak up now in the bugreport. --=20 Hanno B=C3=B6ck https://hboeck.de/ --Sig_/ppsFv306U4pVudKCk3EdKug Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEn3wfQCCb9MicJwD8dkhfABMwL8oFAl4URr8ACgkQdkhfABMw L8pjsxAAi9jJi/Q2awGFeFwN5GudW0IvjtmhU/vwZUAtILT/ogpoawN8VL+9wgbB 40tUDLIENcvsQdBS9orqU3ZWeLT2ITXPbVQTyq8nLcu9Ga0NWF+cRPt5z8HLlokN +bpEfYJ0+p7kaW3pP5fBgCJ4dKsJRtUjanQZnFjNkmRmtDUbyZ/TdNmP6+v5chhw Bf806snZMTpGMM0LpnSFoteTItbyuWcgt78B0Wiqg1t6rfKheWQu9cUkzjE71K+P AErxVg6J9nAxgFm0CNYiDZCDh53s+GYgygAJJCCMFlKaMdsNhREQaZoiGqA428uT KFbt+K0f1H/UphZbpPFBnufHOfs5mJ8OG5/ODvaeOR5tJw4NqM29x3QPCaOmZj4d QhdNUXvRCLa5QOCpB90+N22J/w22yFCyC/DwLSoT4J9xT1lZHyakryQXDF/ZtkOi ACkxoKf31+r+ToZ2UaHGwW/fUH9npR9HIfzJjFvOGf3Ch2KkPWbaw/A+MCCNkuPI 9BTEZiNssUnzXf2WN8mPenh7v3Ye5TRPHzHKEHUNTh9d2FjoIS5B9cC3nzuIa3+R z+DsuVYrdcAJY4qYdykFVwtZleB1haaClFvJgUkbQhMLZnkgVtGSu5HQH7oirZRK J6J7zoCLG5hQFFhiDvF02GhmTUQ/j0eqIoOhrxymIZzvtGAXZAQ= =jZ/L -----END PGP SIGNATURE----- --Sig_/ppsFv306U4pVudKCk3EdKug--