6 lines
257 B
Plaintext
6 lines
257 B
Plaintext
# These settings eliminate an entire class of security vulnerability:
|
|
# time-of-check-time-of-use cross-privilege attacks using guessable
|
|
# filenames (generally seen as "/tmp file race" vulnerabilities).
|
|
fs.protected_hardlinks = 1
|
|
fs.protected_symlinks = 1
|