summaryrefslogtreecommitdiff
path: root/system/test-kernel/0122-link-security-restrictions.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/test-kernel/0122-link-security-restrictions.patch')
-rw-r--r--system/test-kernel/0122-link-security-restrictions.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/system/test-kernel/0122-link-security-restrictions.patch b/system/test-kernel/0122-link-security-restrictions.patch
new file mode 100644
index 000000000..f0ed144fb
--- /dev/null
+++ b/system/test-kernel/0122-link-security-restrictions.patch
@@ -0,0 +1,20 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Subject: fs: Enable link security restrictions by default
+Date: Fri, 02 Nov 2012 05:32:06 +0000
+Bug-Debian: https://bugs.debian.org/609455
+Forwarded: not-needed
+This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
+('VFS: don't do protected {sym,hard}links by default').
+--- a/fs/namei.c 2018-09-28 07:56:07.770005006 -0400
++++ b/fs/namei.c 2018-09-28 07:56:43.370349204 -0400
+@@ -885,8 +885,8 @@ static inline void put_link(struct namei
+ path_put(&last->link);
+ }
+
+-int sysctl_protected_symlinks __read_mostly = 0;
+-int sysctl_protected_hardlinks __read_mostly = 0;
++int sysctl_protected_symlinks __read_mostly = 1;
++int sysctl_protected_hardlinks __read_mostly = 1;
+ int sysctl_protected_fifos __read_mostly;
+ int sysctl_protected_regular __read_mostly;
+