sysctl: Protect hard/symlinks by default.

There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell. Signed-off-by: Rosen Penev <rosenp@gmail.com>
author: Rosen Penev <rosenp@gmail.com> 2018-04-30 13:15:54 -0700
committer: John Crispin <john@phrozen.org> 2018-05-01 11:19:03 +0200
commit: 20e5fefb0c372ca804d5a3e4176bf1586ac37004 (patch)
tree: 86197c6b5afccccf9d87b01b40531b798f0b5d29 /package/base-files/files/etc
parent: 52ba5760b771d873fe21d260e3b53506663b6144 (diff)
download: upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.tar.gz
upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.tar.bz2
upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
index 98867b7c7b..46d079b36b 100644
--- a/package/base-files/files/etc/sysctl.d/10-default.conf
+++ b/package/base-files/files/etc/sysctl.d/10-default.conf
@@ -5,6 +5,9 @@ kernel.panic=3
 kernel.core_pattern=/tmp/%e.%t.%p.%s.core
 fs.suid_dumpable=2
 
+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
 net.ipv4.conf.default.arp_ignore=1
 net.ipv4.conf.all.arp_ignore=1
 net.ipv4.ip_forward=1
author	Rosen Penev <rosenp@gmail.com>	2018-04-30 13:15:54 -0700
committer	John Crispin <john@phrozen.org>	2018-05-01 11:19:03 +0200
commit	20e5fefb0c372ca804d5a3e4176bf1586ac37004 (patch)
tree	86197c6b5afccccf9d87b01b40531b798f0b5d29 /package/base-files/files/etc
parent	52ba5760b771d873fe21d260e3b53506663b6144 (diff)
download	upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.tar.gz upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.tar.bz2 upstream-20e5fefb0c372ca804d5a3e4176bf1586ac37004.zip