Enable hardlink and symlink restrictions
This prevents many time-of-check-time-of-use security bugs. Ubuntu enables these by default as well so they shouldn't cause many problems.
This commit is contained in:
parent
080bf5614f
commit
7f7e18cfce
1 changed files with 6 additions and 0 deletions
|
@ -53,6 +53,12 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# Enable hardlink and symlink restrictions. See
|
||||
# https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7
|
||||
# for details.
|
||||
boot.kernel.sysctl."fs.protected_hardlinks" = true;
|
||||
boot.kernel.sysctl."fs.protected_symlinks" = true;
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue