codeblog code is freedom — patching my itch

October 1, 2012

Link restrictions released in Linux 3.6

Filed under: Blogging,Chrome OS,Debian,Security,Ubuntu,Ubuntu-Server — kees @ 12:59 pm

It’s been a very long time coming, but symlink and hardlink restrictions have finally landed in the mainline Linux kernel as of version 3.6. The protection is at least old enough to have a driver’s license in most US states, with some of the first discussions I could find dating from Aug 1996.

While this protection is old (to ancient) news for anyone running Chrome OS, Ubuntu, grsecurity, or OpenWall, I’m extremely excited that is can now benefit everyone running Linux. All the way from cloud monstrosities to cell phones, an entire class of vulnerability just goes away. Thanks to everyone that had a part in developing, testing, reviewing, and encouraging these changes over the years. It’s quite a relief to have it finally done. I hope I never have to include the year in my patch revision serial number again. :)

© 2012, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.
CC BY-SA 4.0


  1. Great work. Thanks!

    Comment by Geert — October 1, 2012 @ 2:24 pm

  2. I believe this makes it a little harder to get root on some android phones/tablets :(. Security issues are sometime a good thing.

    Comment by tshirtman — October 2, 2012 @ 3:23 am

  3. Whoa! That’s certainly impressive as an example of unstoppable, relentless development. Respect the kernel devs!

    Comment by wojtek — October 2, 2012 @ 5:22 am

Powered by WordPress