projects
/
openwrt
/
staging
/
neocturne.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
52ba576
)
sysctl: Protect hard/symlinks by default.
author
Rosen Penev
<rosenp@gmail.com>
Mon, 30 Apr 2018 20:15:54 +0000
(13:15 -0700)
committer
John Crispin
<john@phrozen.org>
Tue, 1 May 2018 09:19:03 +0000
(11:19 +0200)
There is no usecase for not protecting symlinks that I know of in OpenWrt.
Not even on desktop systems where you have multiple users with a shell.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
package/base-files/files/etc/sysctl.d/10-default.conf
patch
|
blob
|
history
diff --git
a/package/base-files/files/etc/sysctl.d/10-default.conf
b/package/base-files/files/etc/sysctl.d/10-default.conf
index 98867b7c7ba1d1ce181f721cdfd17517069fcdf2..46d079b36bf48feb0ae5d4805eab9300609a94cf 100644
(file)
--- a/
package/base-files/files/etc/sysctl.d/10-default.conf
+++ b/
package/base-files/files/etc/sysctl.d/10-default.conf
@@
-5,6
+5,9
@@
kernel.panic=3
kernel.core_pattern=/tmp/%e.%t.%p.%s.core
fs.suid_dumpable=2
+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1