author Jim Warner <james.warner@comcast.net> 2018-04-11 00:00:00 -0500
committer Craig Small <csmall@enc.com.au> 2018-05-06 07:19:38 +1000
commit 479b9e54b10697c7525611fb535438c0f703bc34 (patch)
tree bfe64a028c376a5690f5025fd1a41da4eefd17cf /sysctl.conf
parent fb44ecf12f6e5721b0d8ead407611ae4ed6e08a2 (diff)
misc: Add some link examples to sysctl.conf (catch up)
---------------
Original Master Branch Commit Message:
Adds both examples to the sample sysctl.conf configuration file to enable link protection for both hard and soft links. Most kernels probably have this enabled anyhow.

References:
https://bugs.debian.org/889098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
https://github.com/torvalds/linux/commit/561ec64ae67ef25cac8d72bb9c4bfc955edfd415

Signed-off-by: Jim Warner <james.warner@comcast.net>
Diffstat (limited to 'sysctl.conf')
-rw-r--r-- sysctl.conf 5
1 files changed, 5 insertions, 0 deletions
diff --git a/sysctl.conf b/sysctl.conf
index 6559310..e846a57 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1
# This limits PID values to 4 digits, which allows tools like ps
# to save screen space.
kernel/pid_max=10000
+
+# Protects against creating or following links under certain conditions
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks = 1
+#fs.protected_symlinks = 1
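Review bot: both added keys at the end of this hunk are commented out, so installing the sample file leaves link protection at whatever the kernel default is, while the commit message describes the change as enabling it. Either ship them active or extend the comment to say the lines must be uncommented to take effect. The comment "Protects against creating or following links under certain conditions" would also be clearer if it said which key covers which case (fs.protected_hardlinks for creating, fs.protected_symlinks for following) rather than leaving that to the linked fs.txt. As a style point, the new entries use dotted names (fs.protected_hardlinks) while the existing entries in the file use slashes (kernel/pid_max, net/ipv4/icmp_echo_ignore_broadcasts); pick one separator for the sample so readers do not conclude that the two forms behave differently.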