misc: Add some link examples to sysctl.conf (catch up)
--------------- Original Master Branch Commit Message:
Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.
Most kernels probably have this enabled anyhow.
References:
https://bugs.debian.org/889098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
561ec64ae6
Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
parent
fb44ecf12f
commit
479b9e54b1
@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1
|
|||||||
# This limits PID values to 4 digits, which allows tools like ps
|
# This limits PID values to 4 digits, which allows tools like ps
|
||||||
# to save screen space.
|
# to save screen space.
|
||||||
kernel/pid_max=10000
|
kernel/pid_max=10000
|
||||||
|
|
||||||
|
# Protects against creating or following links under certain conditions
|
||||||
|
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||||
|
#fs.protected_hardlinks = 1
|
||||||
|
#fs.protected_symlinks = 1
|
||||||
|
Loading…
Reference in New Issue
Block a user