symlinks by default.

John Crispin Sun, 29 Apr 2018 23:50:16 -0700


On 31/03/18 00:18, Rosen Penev wrote:

There is no usecase for not protecting symlinks that I know of in OpenWrt. Not 
even on desktop systems where you have multiple users with a shell.

Signed-off-by: Rosen Penev <ros...@gmail.com>

Hi,

does not apply due to bee696d66c95337d91fc0256afbf481dc93ddb27 pleasefix/resend


    John

---
  package/base-files/files/etc/sysctl.conf | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/package/base-files/files/etc/sysctl.conf 
b/package/base-files/files/etc/sysctl.conf
index 61a43057a1..790fc02654 100644
--- a/package/base-files/files/etc/sysctl.conf
+++ b/package/base-files/files/etc/sysctl.conf
@@ -5,6 +5,10 @@ fs.suid_dumpable=2
  #disable kernel pointer access from normal users
  kernel.kptr_restrict=1

+#enable hard/symlink protection

+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
  net.ipv4.conf.default.arp_ignore=1
  net.ipv4.conf.all.arp_ignore=1
  net.ipv4.ip_forward=1



_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Re: [LEDE-DEV] [PATCH 3/3] sysctl: Protect hard/symlinks by default.

Reply via email to