aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/sysctl
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/sysctl')
-rw-r--r--Documentation/sysctl/fs.txt42
1 files changed, 42 insertions, 0 deletions
diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt
index 13d6166d7a27..d4a372e75750 100644
--- a/Documentation/sysctl/fs.txt
+++ b/Documentation/sysctl/fs.txt
@@ -32,6 +32,8 @@ Currently, these files are in /proc/sys/fs:
32- nr_open 32- nr_open
33- overflowuid 33- overflowuid
34- overflowgid 34- overflowgid
35- protected_hardlinks
36- protected_symlinks
35- suid_dumpable 37- suid_dumpable
36- super-max 38- super-max
37- super-nr 39- super-nr
@@ -157,6 +159,46 @@ The default is 65534.
157 159
158============================================================== 160==============================================================
159 161
162protected_hardlinks:
163
164A long-standing class of security issues is the hardlink-based
165time-of-check-time-of-use race, most commonly seen in world-writable
166directories like /tmp. The common method of exploitation of this flaw
167is to cross privilege boundaries when following a given hardlink (i.e. a
168root process follows a hardlink created by another user). Additionally,
169on systems without separated partitions, this stops unauthorized users
170from "pinning" vulnerable setuid/setgid files against being upgraded by
171the administrator, or linking to special files.
172
173When set to "0", hardlink creation behavior is unrestricted.
174
175When set to "1" hardlinks cannot be created by users if they do not
176already own the source file, or do not have read/write access to it.
177
178This protection is based on the restrictions in Openwall and grsecurity.
179
180==============================================================
181
182protected_symlinks:
183
184A long-standing class of security issues is the symlink-based
185time-of-check-time-of-use race, most commonly seen in world-writable
186directories like /tmp. The common method of exploitation of this flaw
187is to cross privilege boundaries when following a given symlink (i.e. a
188root process follows a symlink belonging to another user). For a likely
189incomplete list of hundreds of examples across the years, please see:
190http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
191
192When set to "0", symlink following behavior is unrestricted.
193
194When set to "1" symlinks are permitted to be followed only when outside
195a sticky world-writable directory, or when the uid of the symlink and
196follower match, or when the directory owner matches the symlink's owner.
197
198This protection is based on the restrictions in Openwall and grsecurity.
199
200==============================================================
201
160suid_dumpable: 202suid_dumpable:
161 203
162This value can be used to query and set the core dump mode for setuid 204This value can be used to query and set the core dump mode for setuid