bpfire/config/etc/sysctl.conf at e706f87eedf75f786530815fe149b2b8dca070c2

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-25 18:32:57 +02:00

Files

Peter Müller b7b65e736e sysctl.conf: prevent unintentional writes into attacker-controlled files and FIFOs

Similar to hard- and symlink protection introduced a while ago, this
patch enables protections against unintentional writes into
attacker-controlled regular files or FIFOs, where a program expected to
create new ones. This makes exploiting TOCTOU flaws harder.

See also: https://www.kernel.org/doc/Documentation/sysctl/fs.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

2020-10-05 15:07:47 +00:00

3.4 KiB

Raw Blame History

View Raw

3.4 KiB Raw Blame History

3.4 KiB

Raw Blame History