Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-26 22:18:20 -05:00
Code Issues Projects Releases Packages Wiki Activity

revert Force immediate kernel panic on OOM.

Browse source 
https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741
This commit is contained in:
Patrick Schleizer 2025-11-09 05:47:00 -05:00
parent 26b96ce280
commit 0391411885
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -52,7 +52,7 @@ configuration file and significant hardening is applied to a myriad of component
- Force immediate system reboot on the occurrence of a single kernel panic, reducing the - Force immediate system reboot on the occurrence of a single kernel panic, reducing the
risk and impact of denial of service attacks and both cold and warm boot attacks. risk and impact of denial of service attacks and both cold and warm boot attacks.
- Force immediate kernel panic on OOM. This is to avoid security features such as the screen - Optional - Force immediate kernel panic on OOM. This is to avoid security features such as the screen
locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts
running out of memory. running out of memory.

4
usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
View file

@ -204,7 +204,9 @@ kernel.perf_event_paranoid=3
## from being arbitrarily terminated when the system starts running out of memory. ## from being arbitrarily terminated when the system starts running out of memory.
## https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14 ## https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14
## https://github.com/Kicksecure/security-misc/issues/324 ## https://github.com/Kicksecure/security-misc/issues/324
vm.panic_on_oom=2 ## Needs more work.
##
#vm.panic_on_oom=2
## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses. ## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
## Can lead to privilege escalation by pushing characters into a controlling TTY. ## Can lead to privilege escalation by pushing characters into a controlling TTY.