From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] sysctl.conf: Turn on hard- and symlink protection Date: Wed, 06 May 2020 11:25:45 +0100 Message-ID: <02F7B386-7CAF-4639-8DBD-D7958B953812@ipfire.org> In-Reply-To: <5bc92613-66bb-8f0d-0caa-4532863a9236@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2560139782891437681==" List-Id: --===============2560139782891437681== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Thank you. Merged. > On 5 May 2020, at 21:19, Peter M=C3=BCller wro= te: >=20 > This backports 29a8992b7228771fb2cfc68679596598fb01105a into IPFire 3.x >=20 > Signed-off-by: Peter M=C3=BCller > --- > setup/setup.nm | 2 +- > setup/sysctl/kernel-hardening.conf | 4 ++++ > 2 files changed, 5 insertions(+), 1 deletion(-) >=20 > diff --git a/setup/setup.nm b/setup/setup.nm > index 09d94e23d..cc8454bfa 100644 > --- a/setup/setup.nm > +++ b/setup/setup.nm > @@ -5,7 +5,7 @@ >=20 > name =3D setup > version =3D 3.0 > -release =3D 14 > +release =3D 15 > arch =3D noarch >=20 > groups =3D Base Build System/Base > diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-harde= ning.conf > index 33e096c7c..d92485d61 100644 > --- a/setup/sysctl/kernel-hardening.conf > +++ b/setup/sysctl/kernel-hardening.conf > @@ -7,3 +7,7 @@ kernel.dmesg_restrict =3D 1 > # Improve KASLR effectiveness for mmap. > vm.mmap_rnd_bits =3D 32 > vm.mmap_rnd_compat_bits =3D 16 > + > +# Turn on hard- and symlink protection > +fs.protected_symlinks =3D 1 > +fs.protected_hardlinks =3D 1 > --=20 > 2.26.1 --===============2560139782891437681==--
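Review bot: In the setup/sysctl/kernel-hardening.conf hunk, the new comment "# Turn on hard- and symlink protection" only restates the two key names, whereas the existing "# Improve KASLR effectiveness for mmap." comment above it states a purpose. Consider saying what each setting restricts: fs.protected_symlinks = 1 limits following symlinks that sit in sticky world-writable directories such as /tmp, and fs.protected_hardlinks = 1 stops users from creating hardlinks to files they do not own or cannot read and write. The commit message carries only the hash of the backported commit, so a one-line rationale there would also help anyone reading the 3.x history without the other tree at hand.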