Phoronix: Systemd 241 Paired With Linux 4.19+ To Enable New Regular File & FIFO Protection
The Linux 4.19 kernel brought the ability to disallow the opening of FIFOs and regular files not owned by the user in world-writable sticky directories in the name of security. Had this ability been around previously it could have prevented a number of CVEs going back a long time. In helping ensure this functionality gets utilized, Systemd 241 will now set these sysctl options to enable the behavior by default...
http://www.phoronix.com/scan.php?pag...nux-419-Sysctl