From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Vanilla sources
Date: Sat, 04 Jan 2020 19:41:21 +0100
Organization: Gentoo
Message-ID: <4dbeee024f04b343fa370ae62453b4b5c727f42c.camel@gentoo.org>

On Sat, 2020-01-04 at 08:38 +0100, Hanno Böck wrote:
> On Fri, 3 Jan 2020 15:48:54 +0100
> Toralf Förster wrote:
>
> > # Restrict potential illegal access via links
> > #
> > fs.protected_hardlinks = 1
> > fs.protected_symlinks = 1
>
> Given the issues with openrc:
> Wouldn't it be a good idea to add these by default to Gentoo's
> sysctl.conf in baselayout?

Yes, we should. This really sounds like some horror where developers
are hacking things around in sources instead of communicating with
people maintaining the component where a proper fix belongs.

> As far as I understand this from the thread by now, these are set by
> default by Gentoo Sources. So we shouldn't really expect much breakage
> if we set them via sysctl.

-- 
Best regards,
Michał Górny
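
Added example, not part of the original message or of Gentoo's baselayout: a shell check of whether a set of sysctl.conf-style files leaves both settings quoted above at 1, assuming the files are applied in the order given so that a later assignment overrides an earlier one. The function names, file names and sample contents are constructed for illustration, and the parser covers only `key = value` lines, comments, the `-` prefix and the `/` key separator.

```shell
# Added example; file names and sample contents below are constructed.

# Print the last value assigned to key $1 in the files that follow (later wins).
effective_sysctl() {
    _key=$1; shift
    awk -v key="$_key" '
        /^[ \t]*[#;]/ { next }              # comment line
        /^[ \t]*$/    { next }              # blank line
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t-]+|[ \t]+$/, "", k) # trim; drop "-" (ignore-errors) prefix
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("/", ".", k)               # fs/protected_symlinks is the same key
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$@"
}

# Return 0 only if both link-protection keys end up set to 1.
audit_link_protection() {
    _rc=0
    for _k in fs.protected_hardlinks fs.protected_symlinks; do
        _v=$(effective_sysctl "$_k" "$@")
        if [ "$_v" = "1" ]; then
            echo "ok:   $_k = 1"
        else
            echo "FAIL: $_k = ${_v:-unset}"
            _rc=1
        fi
    done
    return $_rc
}

# Constructed sample files: a base file without the keys, a fragment that
# adds them, and a later override that silently turns one back off.
make_samples() {
    printf '%s\n' '# base file' 'net.ipv4.ip_forward = 0' > "$1/sysctl.conf"
    printf '%s\n' 'fs.protected_hardlinks = 1' 'fs.protected_symlinks = 1' > "$1/links.conf"
    printf '%s\n' '# local override' 'fs/protected_symlinks=0' > "$1/override.conf"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_link_protection "$tmp/sysctl.conf" "$tmp/links.conf" || true
audit_link_protection "$tmp/sysctl.conf" "$tmp/links.conf" "$tmp/override.conf" || true
rm -rf "$tmp"
```

On a running system the values the kernel is actually using can be read from `/proc/sys/fs/protected_hardlinks` and `/proc/sys/fs/protected_symlinks`.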