[openwrt/openwrt] sysctl: Protect hard/symlinks by default.
LEDE Commits
lede-commits at lists.infradead.org
Wed May 2 00:18:35 PDT 2018
blogic pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/20e5fefb0c372ca804d5a3e4176bf1586ac37004
commit 20e5fefb0c372ca804d5a3e4176bf1586ac37004
Author: Rosen Penev <rosenp at gmail.com>
AuthorDate: Mon Apr 30 13:15:54 2018 -0700
sysctl: Protect hard/symlinks by default.
There is no usecase for not protecting symlinks that I know of in OpenWrt.
Not even on desktop systems where you have multiple users with a shell.
Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
package/base-files/files/etc/sysctl.d/10-default.conf | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
index 98867b7..46d079b 100644
--- a/package/base-files/files/etc/sysctl.d/10-default.conf
+++ b/package/base-files/files/etc/sysctl.d/10-default.conf
@@ -5,6 +5,9 @@ kernel.panic=3
kernel.core_pattern=/tmp/%e.%t.%p.%s.core
fs.suid_dumpable=2
+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
More information about the lede-commits
mailing list