1510_fs-enable-link-security-restrictions-by-default.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

From: Ben Hutchings <ben@decadent.org.uk>
Subject: fs: Enable link security restrictions by default
Date: Fri, 02 Nov 2012 05:32:06 +0000
Bug-Debian: https://bugs.debian.org/609455
Forwarded: not-needed
This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').
--- a/fs/namei.c	2018-09-28 07:56:07.770005006 -0400
+++ b/fs/namei.c	2018-09-28 07:56:43.370349204 -0400
@@ -885,8 +885,8 @@ static inline void put_link(struct namei
 		path_put(&last->link);
 }
 
-int sysctl_protected_symlinks __read_mostly = 0;
-int sysctl_protected_hardlinks __read_mostly = 0;
+int sysctl_protected_symlinks __read_mostly = 1;
+int sysctl_protected_hardlinks __read_mostly = 1;
 int sysctl_protected_fifos __read_mostly;
 int sysctl_protected_regular __read_mostly;