# Tip: Protecting links in Linux 3.7

## runem

Hi all

In Linux 3.6 a feature to protect against some security problems with hard  and symbolic links was added. It is disabled by default in Linux 3.7.

To enable it add the following to /etc/sysctl.conf:

```

# Restrict potential illegal acces via links

fs.protected_hardlinks = 1

fs.protected_symlinks = 1

```

Reference: https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=561ec64ae67ef25cac8d72bb9c4bfc955edfd415

EDIT:

I have used this for several days with no problems. Tested on an amd64 laptop and an x86 server.Last edited by runem on Wed Jan 02, 2013 5:21 pm; edited 1 time in total

----------

## _______0

how is this useful??

----------

## Hu

It reactivates the protections added in Linux 3.6, specifically in commit 800179c9b8a1e796e441674776d11cd4c05d61d7.  As runem notes, it was disabled by default in Linux 3.7 because certain very unusual applications relied on the disallowed behavior.  Most applications do not require the disallowed behavior.  See the commit for more details about why you should usually enable the restriction.

----------

## runem

hardened-sources-3.7.0 has been stabilized. Bump.

----------

## runem

Vanilla-sources and gentoo-sources are both marked as stable now.

----------

