From 2ea1956a0c2cbcdde5b15f523da8e5438cacab69 Mon Sep 17 00:00:00 2001
From: Mike Baker <mbm@openwrt.org>
Date: Sun, 26 Mar 2006 12:30:43 +0000
Subject: [PATCH] more security patches

SVN-Revision: 3493
---
 openwrt/package/base-files/default/etc/sysctl.conf    |  2 ++
 .../linux-2.4/patches/brcm/008-gpio_security.patch    | 11 -----------
 .../linux-2.4/patches/generic/213-mtd_security.patch  |  4 ++--
 3 files changed, 4 insertions(+), 13 deletions(-)
 delete mode 100644 openwrt/target/linux/linux-2.4/patches/brcm/008-gpio_security.patch

diff --git a/openwrt/package/base-files/default/etc/sysctl.conf b/openwrt/package/base-files/default/etc/sysctl.conf
index 2e0efcaf4e..a05498cd6c 100644
--- a/openwrt/package/base-files/default/etc/sysctl.conf
+++ b/openwrt/package/base-files/default/etc/sysctl.conf
@@ -1,4 +1,6 @@
 kernel.panic=3
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
 net.ipv4.ip_forward=1
 net.ipv4.icmp_echo_ignore_broadcasts=1
 net.ipv4.icmp_ignore_bogus_error_responses=1
diff --git a/openwrt/target/linux/linux-2.4/patches/brcm/008-gpio_security.patch b/openwrt/target/linux/linux-2.4/patches/brcm/008-gpio_security.patch
deleted file mode 100644
index affcf5fe8d..0000000000
--- a/openwrt/target/linux/linux-2.4/patches/brcm/008-gpio_security.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- linux-2.4.30/arch/mips/bcm947xx/gpio.c.orig	2006-03-26 06:43:24 -05:00
-+++ linux-2.4.30/arch/mips/bcm947xx/gpio.c	2006-03-26 06:44:00 -05:00
-@@ -135,7 +135,7 @@
- 		gpio_file[i].handle = devfs_register(gpio_dir,
- 						     gpio_file[i].name,
- 						     DEVFS_FL_DEFAULT, gpio_major, i,
--						     S_IFCHR | S_IRUGO | S_IWUGO,
-+						     S_IFCHR | S_IRUSR | S_IWUSR,
- 						     &gpio_fops, NULL);
- 	}
- 
diff --git a/openwrt/target/linux/linux-2.4/patches/generic/213-mtd_security.patch b/openwrt/target/linux/linux-2.4/patches/generic/213-mtd_security.patch
index 33659fb391..8420f277b2 100644
--- a/openwrt/target/linux/linux-2.4/patches/generic/213-mtd_security.patch
+++ b/openwrt/target/linux/linux-2.4/patches/generic/213-mtd_security.patch
@@ -5,7 +5,7 @@
          devfs_rw_handle[mtd->index] = devfs_register(devfs_dir_handle, name,
                          DEVFS_FL_DEFAULT, MTD_BLOCK_MAJOR, mtd->index,
 -                        S_IFBLK | S_IRUGO | S_IWUGO,
-+                        S_IFBLK | S_IRUGO | S_IWUSR,
++                        S_IFBLK | S_IRUSR | S_IWUSR,
                          &mtd_fops, NULL);
  }
  
@@ -16,7 +16,7 @@
  	devfs_rw_handle[mtd->index] = devfs_register(devfs_dir_handle, name,
  			DEVFS_FL_DEFAULT, MTD_CHAR_MAJOR, mtd->index*2,
 -			S_IFCHR | S_IRUGO | S_IWUGO,
-+			S_IFCHR | S_IRUGO | S_IWUSR,
++			S_IFCHR | S_IRUSR | S_IWUSR,
  			&mtd_fops, NULL);
  
  	sprintf(name, "%dro", mtd->index);
-- 
2.30.2