ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-12 03:56:17 +03:00
Code Issues Projects Releases Wiki Activity

Enable hardlink and symlink restrictions

Browse Source 
This prevents many time-of-check-time-of-use security bugs.  Ubuntu
enables these by default as well so they shouldn't cause many
problems.
This commit is contained in:
Eelco Dolstra 2013-03-02 19:57:55 +01:00
parent 080bf5614f
commit 7f7e18cfce
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/config/sysctl.nix
View File

@ -53,6 +53,12 @@ in
};
};
# Enable hardlink and symlink restrictions. See
# https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7
# for details.
boot.kernel.sysctl."fs.protected_hardlinks" = true;
boot.kernel.sysctl."fs.protected_symlinks" = true;
};
}