misc: Add link protection examples to sysctl.conf
Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.
Most kernels probably have this enabled anyhow.
References:
https://bugs.debian.org/889098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
561ec64ae6
This commit is contained in:
parent
69f4b6ec8e
commit
8517c86560
@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1
|
|||||||
# This limits PID values to 4 digits, which allows tools like ps
|
# This limits PID values to 4 digits, which allows tools like ps
|
||||||
# to save screen space.
|
# to save screen space.
|
||||||
kernel/pid_max=10000
|
kernel/pid_max=10000
|
||||||
|
|
||||||
|
# Protects against creating or following links under certain conditions
|
||||||
|
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||||
|
#fs.protected_hardlinks = 1
|
||||||
|
#fs.protected_symlinks = 1
|
||||||
|
Loading…
Reference in New Issue
Block a user