[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfire-development
Subject: Re: [PATCH] sysctl.conf: Turn on hard- and symlink protection
From: Michael Tremer <michael.tremer () ipfire ! org>
Date: 2020-01-23 22:27:33
Message-ID: DDC6E406-2418-4D4E-9EE9-79C19262D150 () ipfire ! org
[Download RAW message or body]
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
> On 23 Jan 2020, at 21:28, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> Cc: Michael Tremer <michael.tremer@ipfire.org>
> Cc: Arne Fitzenreiter <arne_f@ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/etc/sysctl.conf | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
> index d11e53c88..7e7ebee44 100644
> --- a/config/etc/sysctl.conf
> +++ b/config/etc/sysctl.conf
> @@ -45,6 +45,10 @@ kernel.kptr_restrict = 2
> # Avoid kernel memory address exposures via dmesg.
> kernel.dmesg_restrict = 1
>
> +# Turn on hard- and symlink protection
> +fs.protected_symlinks = 1
> +fs.protected_hardlinks = 1
> +
> # Minimal preemption granularity for CPU-bound tasks:
> # (default: 1 msec# (1 + ilog(ncpus)), units: nanoseconds)
> kernel.sched_min_granularity_ns = 10000000
> --
> 2.16.4
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic