So as i understand this, and i hope i am correct. If i am the only user on the server then regardless of how i have these configured, both on, both off, one on, one off. It really does not matter other than for script execution needs.
What i mean is that right now i have them both enabled, i also have mod_ruid2 and jailshell enabled. However i still get the warning from the security advisor that i do not have protection from this exploit.
I have updated my kernel and rebooted the server.
----------------------
Kernel does not support the prevention of symlink ownership attacks.You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protections beyond those solutions employed in userland. Please review the documentation to learn how to apply this protection.
------------------------
However in the documentation it tells me that one option is to use EXPERIMENTAL mod_ruid2 with jailshell. So i really should not be getting that notice at all.
However to my original topic here, since i am the only user then it really does not matter, is that correct?
What i mean is that right now i have them both enabled, i also have mod_ruid2 and jailshell enabled. However i still get the warning from the security advisor that i do not have protection from this exploit.
I have updated my kernel and rebooted the server.
----------------------
Kernel does not support the prevention of symlink ownership attacks.You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protections beyond those solutions employed in userland. Please review the documentation to learn how to apply this protection.
------------------------
However in the documentation it tells me that one option is to use EXPERIMENTAL mod_ruid2 with jailshell. So i really should not be getting that notice at all.
However to my original topic here, since i am the only user then it really does not matter, is that correct?
