From 479b9e54b10697c7525611fb535438c0f703bc34 Mon Sep 17 00:00:00 2001 From: Jim Warner Date: Wed, 11 Apr 2018 00:00:00 -0500 Subject: [PATCH] misc: Add some link examples to sysctl.conf (catch up) --------------- Original Master Branch Commit Message: Adds both examples to the sample sysctl.conf configuration file to enable link protection for both hard and soft links. Most kernels probably have this enabled anyhow. References: https://bugs.debian.org/889098 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078 https://github.com/torvalds/linux/commit/561ec64ae67ef25cac8d72bb9c4bfc955edfd415 Signed-off-by: Jim Warner --- sysctl.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sysctl.conf b/sysctl.conf index 6559310a..e846a57d 100644 --- a/sysctl.conf +++ b/sysctl.conf @@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1 # This limits PID values to 4 digits, which allows tools like ps # to save screen space. kernel/pid_max=10000 + +# Protects against creating or following links under certain conditions +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks = 1 +#fs.protected_symlinks = 1
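Review bot: The two settings added at the end of the hunk, `#fs.protected_hardlinks = 1` and `#fs.protected_symlinks = 1`, are commented out, so installing this sample file leaves link protection as the kernel already has it, while the commit message describes the examples as enabling it. Either uncomment them, or have the comment above them say they are disabled examples to be uncommented where the running kernel does not already set these to 1. The new lines also use dotted keys with spaces around `=`, whereas the context line just above is written `kernel/pid_max=10000`; keeping one key style within the file would be more consistent. The comment's "under certain conditions" is vague for a security setting: a short line per key saying which link operations are restricted would save the reader a trip to the linked fs.txt.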