Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-25 11:46:23 -05:00
Code Issues Projects Releases Packages Wiki Activity

revert Force immediate kernel panic on OOM.

Browse source 
https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741
This commit is contained in:
Patrick Schleizer 2025-11-09 05:47:00 -05:00
parent 26b96ce280
commit 0391411885
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -52,7 +52,7 @@ configuration file and significant hardening is applied to a myriad of component
- Force immediate system reboot on the occurrence of a single kernel panic, reducing the
risk and impact of denial of service attacks and both cold and warm boot attacks.
- Force immediate kernel panic on OOM. This is to avoid security features such as the screen
- Optional - Force immediate kernel panic on OOM. This is to avoid security features such as the screen
locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts
running out of memory.

4
usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
View file

@ -204,7 +204,9 @@ kernel.perf_event_paranoid=3
## from being arbitrarily terminated when the system starts running out of memory.
## https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14
## https://github.com/Kicksecure/security-misc/issues/324
vm.panic_on_oom=2
## Needs more work.
##
#vm.panic_on_oom=2
## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
## Can lead to privilege escalation by pushing characters into a controlling TTY.