From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] sysctl.conf: prevent unintentional writes into
 attacker-controlled files and FIFOs
Date: Mon, 05 Oct 2020 14:12:18 +0000
Message-ID: <141827bd-a1b8-e551-9bf5-93f529af485e@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0047413102840587765=="
List-Id: <development.lists.ipfire.org>

--===============0047413102840587765==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Similar to hard- and symlink protection introduced a while ago, this
patch enables protections against unintentional writes into
attacker-controlled regular files or FIFOs, where a program expected to
create new ones. This makes exploiting TOCTOU flaws harder.

See also: https://www.kernel.org/doc/Documentation/sysctl/fs.txt

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 config/etc/sysctl.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index d48c7734e..be7c07c85 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -49,6 +49,11 @@ kernel.dmesg_restrict =3D 1
 fs.protected_symlinks =3D 1
 fs.protected_hardlinks =3D 1
=20
+# Don't allow writes to files and FIFOs that we don't own in world writable =
sticky
+# directories, unless they are owned by the owner of the directory.
+fs.protected_fifos =3D 2
+fs.protected_regular =3D 2
+
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns =3D 10000000
--=20
2.26.2

--===============0047413102840587765==--