misc: Add some link examples to sysctl.conf (catch up)

--------------- Original Master Branch Commit Message: Adds both examples to the sample sysctl.conf configuration file to enable link protection for both hard and soft links. Most kernels probably have this enabled anyhow. References: https://bugs.debian.org/889098 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078 561ec64ae6 Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-04-11 00:00:00 -05:00 · 2018-04-11 00:00:00 -05:00 · 479b9e54b1
parent fb44ecf12f
commit 479b9e54b1
1 changed files with 5 additions and 0 deletions
--- a/sysctl.conf
+++ b/sysctl.conf
@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1
 # This limits PID values to 4 digits, which allows tools like ps
 # to save screen space.
 kernel/pid_max=10000
+
+# Protects against creating or following links under certain conditions
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks = 1
+#fs.protected_symlinks = 1