Re: [LEDE-DEV] [PATCH] sysctl: Protect hard/symlinks by default.

John Crispin Mon, 30 Apr 2018 13:48:43 -0700


On 30/04/18 22:15, Rosen Penev wrote:

There is no usecase for not protecting symlinks that I know of in OpenWrt. Not 
even on desktop systems where you have multiple users with a shell.

Signed-off-by: Rosen Penev <ros...@gmail.com>

v2: Move to 10-default.conf file.

Hi,

no need to resend but in future please put the v1->v2 info below thetear line (---) and add V2 to the description ([PATCH V2])

    John

---
  package/base-files/files/etc/sysctl.d/10-default.conf | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf 
b/package/base-files/files/etc/sysctl.d/10-default.conf
index 98867b7..bfe26ca 100644
--- a/package/base-files/files/etc/sysctl.d/10-default.conf
+++ b/package/base-files/files/etc/sysctl.d/10-default.conf
@@ -5,6 +5,10 @@ kernel.panic=3
  kernel.core_pattern=/tmp/%e.%t.%p.%s.core
  fs.suid_dumpable=2

+#enable hard/symlink protection

+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
  net.ipv4.conf.default.arp_ignore=1
  net.ipv4.conf.all.arp_ignore=1
  net.ipv4.ip_forward=1



_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Re: [LEDE-DEV] [PATCH] sysctl: Protect hard/symlinks by default.

Reply via email to