fs: Enable link security restrictions by default

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

diff --git a/fs/namei.c b/fs/namei.c
index 4eb916996345d78bd87b5262ff11769d20d4d29f..dd51d28e163ea28bc3ea65ec673ebb16f9673e2d 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -885,8 +885,8 @@ static inline void put_link(struct nameidata *nd)
                path_put(&last->link);
 }
 
-int sysctl_protected_symlinks __read_mostly = 0;
-int sysctl_protected_hardlinks __read_mostly = 0;
+int sysctl_protected_symlinks __read_mostly = 1;
+int sysctl_protected_hardlinks __read_mostly = 1;
 
 /**
  * may_follow_link - Check symlink following for unsafe situations