fs: Enable link security restrictions by default

author Ben Hutchings <ben@decadent.org.uk>

Fri, 2 Nov 2012 05:32:06 +0000 (05:32 +0000)

committer Salvatore Bonaccorso <carnil@debian.org>

Sun, 18 Feb 2018 08:36:49 +0000 (08:36 +0000)
author Ben Hutchings <ben@decadent.org.uk>
Fri, 2 Nov 2012 05:32:06 +0000 (05:32 +0000)
committer Salvatore Bonaccorso <carnil@debian.org>
Sun, 18 Feb 2018 08:36:49 +0000 (08:36 +0000)
diff --git a/fs/namei.c b/fs/namei.c

index 9cc91fb7f156541bd53243b35c2823bbf9ca1133..ba0e4b2bad2237aaff219dd6e7f682e11a227922 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -900,8 +900,8 @@ static inline void put_link(struct nameidata *nd)
                 path_put(&last->link);
  }
  
-int sysctl_protected_symlinks __read_mostly = 0;
-int sysctl_protected_hardlinks __read_mostly = 0;
+int sysctl_protected_symlinks __read_mostly = 1;
+int sysctl_protected_hardlinks __read_mostly = 1;
  
  /**
   * may_follow_link - Check symlink following for unsafe situations
author	Ben Hutchings <ben@decadent.org.uk>
	Fri, 2 Nov 2012 05:32:06 +0000 (05:32 +0000)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Sun, 18 Feb 2018 08:36:49 +0000 (08:36 +0000)