author | Jim Warner <james.warner@comcast.net> | 2018-04-11 00:00:00 -0500 |
---|---|---|
committer | Craig Small <csmall@enc.com.au> | 2018-05-06 07:19:38 +1000 |
commit | 479b9e54b10697c7525611fb535438c0f703bc34 (patch) | |
tree | bfe64a028c376a5690f5025fd1a41da4eefd17cf /sysctl.conf | |
parent | fb44ecf12f6e5721b0d8ead407611ae4ed6e08a2 (diff) | |
download | procps-ng-479b9e54b10697c7525611fb535438c0f703bc34.tar.gz |
misc: Add some link examples to sysctl.conf (catch up)
--------------- Original Master Branch Commit Message:
Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.
Most kernels probably have this enabled anyhow.
References:
https://bugs.debian.org/889098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
https://github.com/torvalds/linux/commit/561ec64ae67ef25cac8d72bb9c4bfc955edfd415
Signed-off-by: Jim Warner <james.warner@comcast.net>
Diffstat (limited to 'sysctl.conf')
-rw-r--r-- | sysctl.conf | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sysctl.conf b/sysctl.conf index 6559310..e846a57 100644 --- a/sysctl.conf +++ b/sysctl.conf @@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1 # This limits PID values to 4 digits, which allows tools like ps # to save screen space. kernel/pid_max=10000 + +# Protects against creating or following links under certain conditions +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks = 1 +#fs.protected_symlinks = 1 |
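Review bot: Both settings added at the end of the hunk are commented out (`#fs.protected_hardlinks = 1`, `#fs.protected_symlinks = 1`), so installing this sample file changes nothing, while the commit message says the examples are there "to enable link protection". Either ship them uncommented or extend the comment above them to say they are examples that must be uncommented to take effect, so an administrator does not assume the protection comes from this file. Style point: the new keys use dotted names with spaces around `=`, while the neighbouring entry is written `kernel/pid_max=10000`; using one form throughout the file would keep it consistent.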