From: Peter Müller <peter.mueller@ipfire.org>
Date: Mon, 5 Oct 2020 14:12:18 +0000 (+0000)
Subject: sysctl.conf: prevent unintentional writes into attacker-controlled files and FIFOs
X-Git-Tag: v2.25-core151~8^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b7b65e736e42be7e7988c4c3efe67ca0f2a05057;p=ipfire-2.x.git

sysctl.conf: prevent unintentional writes into attacker-controlled files and FIFOs

Similar to hard- and symlink protection introduced a while ago, this
patch enables protections against unintentional writes into
attacker-controlled regular files or FIFOs, where a program expected to
create new ones. This makes exploiting TOCTOU flaws harder.

See also: https://www.kernel.org/doc/Documentation/sysctl/fs.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index d48c7734e2..be7c07c857 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -49,6 +49,11 @@ kernel.dmesg_restrict = 1
 fs.protected_symlinks = 1
 fs.protected_hardlinks = 1
 
+# Don't allow writes to files and FIFOs that we don't own in world writable sticky
+# directories, unless they are owned by the owner of the directory.
+fs.protected_fifos = 2
+fs.protected_regular = 2
+
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000