[LEDE-DEV] [PATCH 3/3] sysctl: Protect hard/symlinks by default.

Rosen Penev rosenp at gmail.com
Fri Mar 30 15:18:04 PDT 2018


There is no use case for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell.

Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
 package/base-files/files/etc/sysctl.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf
index 61a43057a1..790fc02654 100644
--- a/package/base-files/files/etc/sysctl.conf
+++ b/package/base-files/files/etc/sysctl.conf
@@ -5,6 +5,10 @@ fs.suid_dumpable=2
 #disable kernel pointer access from normal users
 kernel.kptr_restrict=1
 
+#enable hard/symlink protection
+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
 net.ipv4.conf.default.arp_ignore=1
 net.ipv4.conf.all.arp_ignore=1
 net.ipv4.ip_forward=1
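
Review bot: The commit message argues only for symlink protection, while the lines added under `#enable hard/symlink protection` also set `fs.protected_hardlinks=1`; the message should give the reasoning for the hardlink setting too. The comment itself could say what is being restricted (following symlinks in sticky world-writable directories, and creating hardlinks to files the caller does not own or cannot read and write), matching the more descriptive `#disable kernel pointer access from normal users` comment just above it.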
-- 
2.16.3



