On 2020-01-02 Gilbert E. Detilllieux wrote:
See also...
https://www.spinics.net/lists/fedora-devel/msg252452.html
Thanks, Trevor, for bringing this to our attention. I was not even aware of these new sysctl settings and kernel features. I can see why they'd be desirable from a security perspective, but it does break compatibility, possibly for some legitimate but obscure use cases.
Thanks for the links. I see where they are coming from, but it's a bludgeon to try to fix the forever-bugs of thoughtless tmp file/dir usage by programmers, which I don't think is as prevalent today as it used to be.
Systemd already "solved" it for daemons by shadow-masking safe/unique dirs for /tmp usage (ugh, hate that too!).
I guess these new sysctls are trying to solve it for the rest of the programs out there. When really each program should be using well established tmpdir routines available in every single language that solved these problems eons ago.
I see the point, but it irks me they have to do this at all instead of getting programmers who get their code put into distros to just do it the right way.
fs.protected_regular = 0 on all my boxes now! Well, I guess until someone smartens up tcsh like they did bash so I can still use >!
;-)