Re: [LEDE-DEV] [PATCH] sysctl: Protect hard/symlinks by default.
On 30/04/18 22:15, Rosen Penev wrote: There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell. Hi, patch descriptions should be wrapped at 75 chars John Signed-off-by: Rosen Penevv2: Move to 10-default.conf file. --- package/base-files/files/etc/sysctl.d/10-default.conf | 4 1 file changed, 4 insertions(+) diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf index 98867b7..bfe26ca 100644 --- a/package/base-files/files/etc/sysctl.d/10-default.conf +++ b/package/base-files/files/etc/sysctl.d/10-default.conf @@ -5,6 +5,10 @@ kernel.panic=3 kernel.core_pattern=/tmp/%e.%t.%p.%s.core fs.suid_dumpable=2 +#enable hard/symlink protection +fs.protected_hardlinks=1 +fs.protected_symlinks=1 + net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.all.arp_ignore=1 net.ipv4.ip_forward=1 ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] [PATCH] sysctl: Protect hard/symlinks by default.
On 30/04/18 22:15, Rosen Penev wrote: There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell. Signed-off-by: Rosen Penevv2: Move to 10-default.conf file. Hi, no need to resend but in future please put the v1->v2 info below the tear line (---) and add V2 to the description ([PATCH V2]) John --- package/base-files/files/etc/sysctl.d/10-default.conf | 4 1 file changed, 4 insertions(+) diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf index 98867b7..bfe26ca 100644 --- a/package/base-files/files/etc/sysctl.d/10-default.conf +++ b/package/base-files/files/etc/sysctl.d/10-default.conf @@ -5,6 +5,10 @@ kernel.panic=3 kernel.core_pattern=/tmp/%e.%t.%p.%s.core fs.suid_dumpable=2 +#enable hard/symlink protection +fs.protected_hardlinks=1 +fs.protected_symlinks=1 + net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.all.arp_ignore=1 net.ipv4.ip_forward=1 ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
[LEDE-DEV] [PATCH] sysctl: Protect hard/symlinks by default.
There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell. Signed-off-by: Rosen Penevv2: Move to 10-default.conf file. --- package/base-files/files/etc/sysctl.d/10-default.conf | 4 1 file changed, 4 insertions(+) diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf index 98867b7..bfe26ca 100644 --- a/package/base-files/files/etc/sysctl.d/10-default.conf +++ b/package/base-files/files/etc/sysctl.d/10-default.conf @@ -5,6 +5,10 @@ kernel.panic=3 kernel.core_pattern=/tmp/%e.%t.%p.%s.core fs.suid_dumpable=2 +#enable hard/symlink protection +fs.protected_hardlinks=1 +fs.protected_symlinks=1 + net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.all.arp_ignore=1 net.ipv4.ip_forward=1 -- 2.7.4 ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev