Difference between revisions of "Talk:Sysctl"

From ArchWiki
m ('sysctl -p' does not work: Remove closed discussion.)
(I explained why a section of the article should be removed.)
Line 1: Line 1:
 +
It seems silly to keep this section of the article. It's information yes, but I doesn't appear to be useful anymore. May I delete it?
 +
 +
=== Preventing link [[Wikipedia:TOCTOU|TOCTOU]] vulnerabilities ===
 +
 +
See the [https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=800179c9b8a1e796e441674776d11cd4c05d61d7 commit message] for when this feature was added for the rationale.
 +
 +
fs.protected_hardlinks = 1
 +
fs.protected_symlinks = 1
 +
 +
{{Note|Already enabled by default nowadays. Only left here as information.}}
 +
 +
 
I can't imagine this being a very long article, but I do find it useful.  I didn't have a clue what this command did until I came across it now.  I recall it from my first time installing Arch, with regard to storing the volume levels in alsamixer. --[[User:Mustard|Mustard]] 10:31, 22 October 2010 (EDT)
 
I can't imagine this being a very long article, but I do find it useful.  I didn't have a clue what this command did until I came across it now.  I recall it from my first time installing Arch, with regard to storing the volume levels in alsamixer. --[[User:Mustard|Mustard]] 10:31, 22 October 2010 (EDT)
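
Review bot: The new comment added at the top of the page is unsigned and has no thread heading of its own. The existing comment below it ends with `--[[User:Mustard|Mustard]] 10:31, 22 October 2010 (EDT)`, while the added text ends at the `{{Note|...}}` template, so readers cannot tell who is asking or when. Sign it with `~~~~` and open it under its own `==` heading. The pasted `=== Preventing link [[Wikipedia:TOCTOU|TOCTOU]] vulnerabilities ===` line also renders as a real section heading on the talk page, which puts Mustard's older, unrelated comment underneath it; link to the article section or wrap the quoted wikitext in `<nowiki>` instead. "I doesn't" in the first added line should read "It doesn't".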
  

Revision as of 01:30, 23 March 2014

It seems silly to keep this section of the article. It's information, yes, but it doesn't appear to be useful anymore. May I delete it?

Preventing link TOCTOU vulnerabilities

See the commit message for when this feature was added for the rationale.

fs.protected_hardlinks = 1
fs.protected_symlinks = 1
Note: Already enabled by default nowadays. Only left here as information.


I can't imagine this being a very long article, but I do find it useful. I didn't have a clue what this command did until I came across it now. I recall it from my first time installing Arch, with regard to storing the volume levels in alsamixer. --Mustard 10:31, 22 October 2010 (EDT)

error: permission denied on key 'net.ipv4.conf.all.mc_forwarding'
error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

Are these not used anymore?

It's read-only, which might mean that it has to be changed while compiling the kernel; I'm not sure (it used to work). It is disabled by default anyway. --thestinger 16:39, 26 October 2010 (EDT)
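
One way to find out ahead of time which lines of a sysctl configuration the kernel will refuse, as with the "permission denied" errors quoted above, and which lines (such as the `fs.protected_*` pair) already match the live value. This is an added example, not part of the original discussion or ArchWiki's own code; `parse_conf`, `audit`, `make_fake_root` and the sample fragment are hypothetical names and constructed data, and keys are mapped to `/proc/sys` paths by a plain dot-to-slash substitution, so dotted interface names are not handled.

```python
import os
import tempfile

# Constructed sysctl.d-style fragment using keys named on this talk page.
SAMPLE_CONF = """\
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.conf.all.mc_forwarding = 0
"""

def parse_conf(text):
    """Yield (key, value) pairs, skipping blanks and '#'/';' comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;" and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def audit(conf_text, root="/proc/sys"):
    """Map each key to ok, differs, read-only, missing or unreadable."""
    report = {}
    for key, want in parse_conf(conf_text):
        path = os.path.join(root, *key.split("."))
        try:
            writable = os.stat(path).st_mode & 0o222
            with open(path) as fh:
                have = fh.read().split()
        except OSError as exc:
            gone = isinstance(exc, FileNotFoundError)
            report[key] = "missing" if gone else "unreadable"
            continue
        if not writable:
            # No write bit on the entry: the kernel rejects writes, even from root.
            report[key] = "read-only"
        elif have == want.split():
            report[key] = "ok"
        else:
            report[key] = "differs"
    return report

def make_fake_root(values):
    """Build a temp tree shaped like /proc/sys; values: key -> (text, mode)."""
    root = tempfile.mkdtemp()
    for key, (text, mode) in values.items():
        path = os.path.join(root, *key.split("."))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text + "\n")
        os.chmod(path, mode)
    return root
```

Calling `audit(SAMPLE_CONF)` with the default root checks the running kernel; a key reported as `read-only` can be dropped from the configuration, and one reported as `ok` is already at the desired value.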

net.ipv4.tcp_rfc1337

From kernel doc:

tcp_rfc1337 - BOOLEAN
	If set, the TCP stack behaves conforming to RFC1337. If unset,
	we are not conforming to RFC, but prevent TCP TIME_WAIT
	assassination.
	Default: 0

So, isn't 0 the safe value? Our wiki says otherwise. -- Lahwaacz (talk) 08:56, 17 September 2013 (UTC)

With setting 0 the system would 'assassinate' a socket in time_wait prematurely upon receiving a RST. While this might sound like a good idea (it frees up a socket quicker), it opens the door for tcp sequence problems/syn replay. Those problems were described in RFC1337 and enabling the setting 1 is one way to deal with them (letting TIME_WAIT packets idle out even if a reset is received, so that the sequence number cannot be reused meanwhile). The wiki is correct in my view. Kernel doc is wrong here - "prevent" should read "enable". --Indigo (talk) 21:12, 17 September 2013 (UTC)