Patrick Schleizer 2019-12-23 03:57:36 -05:00
parent 9f072ce4f9
commit 046ceeae4d
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48


@ -38,7 +38,9 @@ uncommenting settings in file /etc/sysctl.d/tcp_sack.conf.
* Slab merging is disabled as sometimes a slab can be used in a vulnerable
way which an attacker can exploit.
* Sanity checks, redzoning, and memory poisoning are enabled.
* Sanity checks and redzoning are enabled.
* Memory zeroing at allocation and free time is enabled.
* Machine checks (MCE) are disabled which makes the kernel panic
on uncorrectable errors in ECC memory that could be exploited.
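Review bot: The new bullet "Memory zeroing at allocation and free time is enabled." does not say how this is achieved, so a reader cannot check the claim against the actual configuration; name the mechanism in the bullet (in mainline kernels this is the init_on_alloc=1 init_on_free=1 command-line pair, which only exists from Linux 5.3 onward, so the kernel-version requirement is worth stating too). In the same hunk, "memory poisoning" is dropped from the sanity-checks bullet without any explanation of why it is no longer listed or whether the zeroing replaces it; one clause such as "memory poisoning is no longer enabled because allocation/free-time zeroing covers the same stale-data cases" would keep the two bullets from reading as an unexplained regression.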
@ -89,6 +91,11 @@ things, it is disabled by default and can optionally be enabled by running
* The MSR kernel module is blacklisted to prevent CPU MSRs from being
abused to write to arbitrary memory.
* Vsyscalls are disabled as they are obsolete, are at fixed addresses and are
a target for ROP.
* Page allocator freelist randomization is enabled.
Improve Entropy Collection
* Load jitterentropy_rng kernel module.
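Review bot: "Page allocator freelist randomization is enabled." should state the parameter and the build prerequisite so the bullet is verifiable: in mainline this is page_alloc.shuffle=1 and it is a no-op on kernels built without CONFIG_SHUFFLE_PAGE_ALLOCATOR, so readers on a stock distribution kernel should be told to check that option. Likewise, "Load jitterentropy_rng kernel module." should say how the module is loaded (for example which modules-load.d file) and that the bullet only holds when the kernel ships jitterentropy as a module; if it is built in or absent, the load step silently does nothing, and the documentation should say whether that case is detected. Finally, the new "Improve Entropy Collection" heading sits between two bullet lists with no blank line before it in this hunk; please confirm the Markdown renders it as a heading rather than as continuation text of the preceding list item.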