sysctl: Protect hard/symlinks by default.

author Rosen Penev <rosenp@gmail.com>

Mon, 30 Apr 2018 20:15:54 +0000 (13:15 -0700)

committer John Crispin <john@phrozen.org>

Tue, 1 May 2018 09:19:03 +0000 (11:19 +0200)
author Rosen Penev <rosenp@gmail.com>
Mon, 30 Apr 2018 20:15:54 +0000 (13:15 -0700)
committer John Crispin <john@phrozen.org>
Tue, 1 May 2018 09:19:03 +0000 (11:19 +0200)
diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf

index 98867b7c7ba1d1ce181f721cdfd17517069fcdf2..46d079b36bf48feb0ae5d4805eab9300609a94cf 100644 (file)
--- a/package/base-files/files/etc/sysctl.d/10-default.conf
+++ b/package/base-files/files/etc/sysctl.d/10-default.conf
@@ -5,6 +5,9 @@ kernel.panic=3
  kernel.core_pattern=/tmp/%e.%t.%p.%s.core
  fs.suid_dumpable=2
  
+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
  net.ipv4.conf.default.arp_ignore=1
  net.ipv4.conf.all.arp_ignore=1
  net.ipv4.ip_forward=1
author	Rosen Penev <rosenp@gmail.com>
	Mon, 30 Apr 2018 20:15:54 +0000 (13:15 -0700)
committer	John Crispin <john@phrozen.org>
	Tue, 1 May 2018 09:19:03 +0000 (11:19 +0200)