misc: Add link protection examples to sysctl.conf

Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.

Most kernels probably have this enabled anyhow.

References:
 https://bugs.debian.org/889098
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
 561ec64ae6
This commit is contained in:
Craig Small 2018-03-03 18:56:20 +11:00
parent 69f4b6ec8e
commit 8517c86560

@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1
# This limits PID values to 4 digits, which allows tools like ps # This limits PID values to 4 digits, which allows tools like ps
# to save screen space. # to save screen space.
kernel/pid_max=10000 kernel/pid_max=10000
# Protects against creating or following links under certain conditions
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks = 1
#fs.protected_symlinks = 1
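
Review bot: The two added keys, `#fs.protected_hardlinks = 1` and `#fs.protected_symlinks = 1`, are commented out, so installing this sample file enables nothing, while the commit message says the examples are there "to enable link protection". Either ship them uncommented or extend the comment to tell the admin to uncomment them to turn the protection on. The new lines also use the dotted key form with spaces around `=`, whereas the context lines in the same file use the slash form without spaces (`kernel/pid_max=10000`, `net/ipv4/icmp_echo_ignore_broadcasts =1`). Matching the existing form (`fs/protected_hardlinks=1`) would keep the sample consistent. A blank line between `kernel/pid_max=10000` and the new comment block would separate the two unrelated settings. "Under certain conditions" is vague for a hardening setting. One line per key summarising what the linked fs.txt says it restricts would let a reader decide without leaving the file.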