Project

General

Profile

Bug #16072

Enable protected_fifos and protected_regular

Added by intrigeri 10 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
10/25/2018
Due date:
% Done:

100%

Feature Branch:
feature/16072-protected-regular-and-fifo-files+force-all-tests
Type of work:
Code
Blueprint:
Starter:
Affected tool:


Related issues

Blocked by Tails - Bug #16073: Upgrade Linux to 4.19 Resolved 10/25/2018
Blocks Tails - Feature #15507: Core work 2019Q1: Foundations Team Resolved 04/08/2018
Blocked by Tails - Bug #16349: Stick to Tor 0.3.4 in Tails 3.12 Resolved 01/12/2019
Blocks Tails - Bug #16352: Fix systemd vulnerabilities: CVE-2018-16864, CVE-2018-16865 and CVE-2018-16866 Resolved 01/13/2019

Associated revisions

Revision cae7d966 (diff)
Added by intrigeri 7 months ago

Enable O_CREAT restriction in /tmp directories for FIFOs and regular files (refs: #16072)

For details, see:
https://outflux.net/blog/archives/2018/10/22/security-things-in-linux-v4-19/

History

#1 Updated by intrigeri 10 months ago

  • Blocked by Bug #16073: Upgrade Linux to 4.19 added

#2 Updated by intrigeri 10 months ago

#3 Updated by intrigeri 10 months ago

  • Assignee set to intrigeri

#4 Updated by segfault 10 months ago

  • Assignee changed from intrigeri to segfault

#5 Updated by segfault 10 months ago

  • Assignee changed from segfault to intrigeri
  • QA Check set to Info Needed

#6 Updated by intrigeri 9 months ago

  • Assignee changed from intrigeri to segfault
  • QA Check deleted (Info Needed)

#7 Updated by intrigeri 8 months ago

  • Target version changed from Tails_3.11 to Tails_3.12

(Blocked by #16073 which I've just postponed.)

#8 Updated by intrigeri 8 months ago

#9 Updated by intrigeri 8 months ago

#10 Updated by CyrilBrulebois 8 months ago

  • Assignee changed from segfault to CyrilBrulebois

Since I'll handle 4.19 (#16073), I'll look into that bug report as well.

#11 Updated by intrigeri 7 months ago

  • Assignee changed from CyrilBrulebois to intrigeri
  • Feature Branch set to feature/16072-protected-regular-and-fifo-files+force-all-tests

#12 Updated by intrigeri 7 months ago

  • Status changed from Confirmed to In Progress

#13 Updated by intrigeri 7 months ago

  • % Done changed from 0 to 10
  • Type of work changed from Test to Code

Test results on bare metal from #16073 apply here: looks good. Waiting for test suite results before submitting for QA (will batch this with #16073).

#14 Updated by intrigeri 7 months ago

  • Blocked by Bug #16349: Stick to Tor 0.3.4 in Tails 3.12 added

#15 Updated by intrigeri 7 months ago

  • Assignee deleted (intrigeri)
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

Only tests that failed on Jenkins are #16097 and a few @fragile tests that fail elsewhere too => no regression.

#16 Updated by intrigeri 7 months ago

  • Blocks Bug #16352: Fix systemd vulnerabilities: CVE-2018-16864, CVE-2018-16865 and CVE-2018-16866 added

#17 Updated by hefee 7 months ago

  • Assignee set to hefee

#18 Updated by hefee 7 months ago

  • Assignee deleted (hefee)

looks fine code-wise - needs bar metal checks.

#19 Updated by intrigeri 7 months ago

  • Assignee set to kurono

#20 Updated by intrigeri 7 months ago

Oops, I've just merged this into devel by mistake (by merging another branch that was based on this one). Fingers crossed.

#21 Updated by kurono 7 months ago

  • Assignee changed from kurono to intrigeri

This branch with Linux to 4.19 works fine in my laptop with the Intel Corporation HD Graphics 520 hardware.

#22 Updated by intrigeri 7 months ago

  • Subject changed from Consider enabling protected_fifos and protected_regular to Enable protected_fifos and protected_regular
  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

#23 Updated by anonym 7 months ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF