[LEDE-DEV] [PATCH] sysctl: Protect hard/symlinks by default.
John Crispin
john at phrozen.org
Mon Apr 30 13:47:37 PDT 2018
On 30/04/18 22:15, Rosen Penev wrote:
> There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell.
>
> Signed-off-by: Rosen Penev <rosenp at gmail.com>
>
> v2: Move to 10-default.conf file.
Hi,
no need to resend but in future please put the v1->v2 info below the
tear line (---) and add V2 to the description ([PATCH V2])
John
> ---
> package/base-files/files/etc/sysctl.d/10-default.conf | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
> index 98867b7..bfe26ca 100644
> --- a/package/base-files/files/etc/sysctl.d/10-default.conf
> +++ b/package/base-files/files/etc/sysctl.d/10-default.conf
> @@ -5,6 +5,10 @@ kernel.panic=3
> kernel.core_pattern=/tmp/%e.%t.%p.%s.core
> fs.suid_dumpable=2
>
> +#enable hard/symlink protection
> +fs.protected_hardlinks=1
> +fs.protected_symlinks=1
> +
> net.ipv4.conf.default.arp_ignore=1
> net.ipv4.conf.all.arp_ignore=1
> net.ipv4.ip_forward=1
More information about the Lede-dev
mailing list