From: Rosen Penev Date: Mon, 30 Apr 2018 20:15:54 +0000 (-0700) Subject: sysctl: Protect hard/symlinks by default. X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=20e5fefb0c372ca804d5a3e4176bf1586ac37004;p=openwrt%2Fstaging%2Frobimarko.git sysctl: Protect hard/symlinks by default. There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell. Signed-off-by: Rosen Penev --- diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf index 98867b7c7b..46d079b36b 100644 --- a/package/base-files/files/etc/sysctl.d/10-default.conf +++ b/package/base-files/files/etc/sysctl.d/10-default.conf @@ -5,6 +5,9 @@ kernel.panic=3 kernel.core_pattern=/tmp/%e.%t.%p.%s.core fs.suid_dumpable=2 +fs.protected_hardlinks=1 +fs.protected_symlinks=1 + net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.all.arp_ignore=1 net.ipv4.ip_forward=1