[LEDE-DEV] [PATCH 3/3] sysctl: Protect hard/symlinks by default.
John Crispin
john at phrozen.org
Sun Apr 29 23:49:28 PDT 2018
On 31/03/18 00:18, Rosen Penev wrote:
> There is no use case for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell.
>
> Signed-off-by: Rosen Penev <rosenp at gmail.com>
Hi,
does not apply due to bee696d66c95337d91fc0256afbf481dc93ddb27 please
fix/resend
John
> ---
> package/base-files/files/etc/sysctl.conf | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf
> index 61a43057a1..790fc02654 100644
> --- a/package/base-files/files/etc/sysctl.conf
> +++ b/package/base-files/files/etc/sysctl.conf
> @@ -5,6 +5,10 @@ fs.suid_dumpable=2
> #disable kernel pointer access from normal users
> kernel.kptr_restrict=1
>
> +#enable hard/symlink protection
> +fs.protected_hardlinks=1
> +fs.protected_symlinks=1
> +
> net.ipv4.conf.default.arp_ignore=1
> net.ipv4.conf.all.arp_ignore=1
> net.ipv4.ip_forward=1
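
Review bot: the comment at `+#enable hard/symlink protection` only says the two settings are switched on, and the commit message argues for symlinks alone while the hunk also sets `fs.protected_hardlinks=1`. Suggest wording the comment so it says what is restricted (following symlinks and creating hardlinks to files owned by another user) and adding the hardlink rationale to the commit message, so that someone auditing sysctl.conf later can tell why both are set. Since the reply reports that the patch no longer applies, the context around `kernel.kptr_restrict=1` also needs to be refreshed against the current tree when resending.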