From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] sysctl.conf: Turn on hard- and symlink protection
Date: Tue, 05 May 2020 22:19:36 +0200
Message-ID: <5bc92613-66bb-8f0d-0caa-4532863a9236@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3996200683978500416=="
List-Id: <development.lists.ipfire.org>

--===============3996200683978500416==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This backports 29a8992b7228771fb2cfc68679596598fb01105a into IPFire 3.x

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 setup/setup.nm                     | 2 +-
 setup/sysctl/kernel-hardening.conf | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/setup/setup.nm b/setup/setup.nm
index 09d94e23d..cc8454bfa 100644
--- a/setup/setup.nm
+++ b/setup/setup.nm
@@ -5,7 +5,7 @@
=20
 name       =3D setup
 version    =3D 3.0
-release    =3D 14
+release    =3D 15
 arch       =3D noarch
=20
 groups     =3D Base Build System/Base
diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-hardeni=
ng.conf
index 33e096c7c..d92485d61 100644
--- a/setup/sysctl/kernel-hardening.conf
+++ b/setup/sysctl/kernel-hardening.conf
@@ -7,3 +7,7 @@ kernel.dmesg_restrict =3D 1
 # Improve KASLR effectiveness for mmap.
 vm.mmap_rnd_bits =3D 32
 vm.mmap_rnd_compat_bits =3D 16
+
+# Turn on hard- and symlink protection
+fs.protected_symlinks =3D 1
+fs.protected_hardlinks =3D 1
--=20
2.26.1

--===============3996200683978500416==--