[grsec] Feature suggestion
azurIt
azurit at pobox.sk
Wed Dec 19 13:26:59 EST 2012
Hi,
we are having little problems with symlinks and security (well, these two things were always doing problems when needed togater). One example can be seen here:
https://forums.proftpd.org/smf/index.php?topic=11225.new
To make things short - we would like to deny creating of symlinks to our users. Not all applications can disallow this so it would be best to make it on kernel level. What about to make a feature in grsecurity which will work similar to TPE? Create a group which is able/not able to _create_ symlinks. What do you think?
azur
More information about the grsecurity
mailing list