commit: fbd9a85dba3daa04f88e84e68147cd7830b03c4c Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Sat Feb 26 23:28:40 2022 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Sat Feb 26 23:28:40 2022 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=fbd9a85d
Update default security restrictions Bug: https://bugs.gentoo.org/834085 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 1510_fs-enable-link-security-restrictions-by-default.patch | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch b/1510_fs-enable-link-security-restrictions-by-default.patch index 8bfb36c1..1b3e590d 100644 --- a/1510_fs-enable-link-security-restrictions-by-default.patch +++ b/1510_fs-enable-link-security-restrictions-by-default.patch @@ -1,13 +1,17 @@ ---- a/fs/namei.c 2018-12-01 11:30:07.672594412 -0500 -+++ b/fs/namei.c 2018-12-01 11:30:58.772816410 -0500 -@@ -902,8 +902,8 @@ static inline void put_link(struct namei +--- a/fs/namei.c 2022-01-09 17:55:34.000000000 -0500 ++++ b/fs/namei.c 2022-02-26 11:32:31.832844465 -0500 +@@ -1020,10 +1020,10 @@ static inline void put_link(struct namei path_put(&last->link); } -int sysctl_protected_symlinks __read_mostly = 0; -int sysctl_protected_hardlinks __read_mostly = 0; +-int sysctl_protected_fifos __read_mostly; +-int sysctl_protected_regular __read_mostly; +int sysctl_protected_symlinks __read_mostly = 1; +int sysctl_protected_hardlinks __read_mostly = 1; - int sysctl_protected_fifos __read_mostly; - int sysctl_protected_regular __read_mostly; ++int sysctl_protected_fifos __read_mostly = 1; ++int sysctl_protected_regular __read_mostly = 1; + /** + * may_follow_link - Check symlink following for unsafe situations