misc: Add some link examples to sysctl.conf (catch up)

--------------- Original Master Branch Commit Message: Adds both examples to the sample sysctl.conf configuration file to enable link protection for both hard and soft links. Most kernels probably have this enabled anyhow. References: https://bugs.debian.org/889098 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078 https://github.com/torvalds/linux/commit/561ec64ae67ef25cac8d72bb9c4bfc955edfd415 Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-04-11 00:00:00 -05:00
parent fb44ecf12f
commit 479b9e54b1
1 changed files with 5 additions and 0 deletions
@@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1
 # This limits PID values to 4 digits, which allows tools like ps
 # to save screen space.
 kernel/pid_max=10000
+
+# Protects against creating or following links under certain conditions
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks = 1
+#fs.protected_symlinks = 1