aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRosen Penev <rosenp@gmail.com>2018-04-30 13:15:54 -0700
committerJohn Crispin <john@phrozen.org>2018-05-01 11:19:03 +0200
commit20e5fefb0c372ca804d5a3e4176bf1586ac37004 (patch)
tree86197c6b5afccccf9d87b01b40531b798f0b5d29
parent52ba5760b771d873fe21d260e3b53506663b6144 (diff)
downloadupstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.tar.gz
upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.tar.bz2
upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.zip
sysctl: Protect hard/symlinks by default.
There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell. Signed-off-by: Rosen Penev <rosenp@gmail.com>
-rw-r--r--package/base-files/files/etc/sysctl.d/10-default.conf3
1 files changed, 3 insertions, 0 deletions
diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
index 98867b7c7b..46d079b36b 100644
--- a/package/base-files/files/etc/sysctl.d/10-default.conf
+++ b/package/base-files/files/etc/sysctl.d/10-default.conf
@@ -5,6 +5,9 @@ kernel.panic=3
kernel.core_pattern=/tmp/%e.%t.%p.%s.core
fs.suid_dumpable=2
+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1