From 046ceeae4df3b45916f35b0789af341c4f3d911a Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 23 Dec 2019 03:57:36 -0500 Subject: [PATCH] readme --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6239abf..4d655df 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,9 @@ uncommenting settings in file /etc/sysctl.d/tcp_sack.conf. * Slab merging is disabled as sometimes a slab can be used in a vulnerable way which an attacker can exploit. -* Sanity checks, redzoning, and memory poisoning are enabled. +* Sanity checks and redzoning are enabled. + +* Memory zeroing at allocation and free time is enabled. * Machine checks (MCE) are disabled which makes the kernel panic on uncorrectable errors in ECC memory that could be exploited. @@ -89,6 +91,11 @@ things, it is disabled by default and can optionally be enabled by running * The MSR kernel module is blacklisted to prevent CPU MSRs from being abused to write to arbitrary memory. +* Vsyscalls are disabled as they are obsolete, are at fixed addresses and are +a target for ROP. + +* Page allocator freelist randomization is enabled. + Improve Entropy Collection * Load jitterentropy_rng kernel module.
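Review bot: In the first hunk, the README drops "memory poisoning" from the sanity checks/redzoning bullet and adds a separate "Memory zeroing at allocation and free time is enabled" bullet, but neither the bullet nor the commit message ("readme") says which setting provides the zeroing or why it replaces the poisoning claim. Since this commit touches only README.md, a reader cannot tell whether the underlying configuration changed or only the description did; suggest naming the mechanism in the bullet, the way the tcp_sack bullet above it points at /etc/sysctl.d/tcp_sack.conf, and giving the reason for the wording change in the commit message.

Review bot: In the second hunk, "Page allocator freelist randomization is enabled." is the only bullet in this section with no rationale, while its neighbour explains that vsyscalls are "obsolete, are at fixed addresses and are a target for ROP". For consistency with the rest of the list, add a clause saying what the randomization is meant to defeat (predictable physical page layout), and for both new bullets state where the option is set (boot parameter or sysctl file) so the claim can be verified on a running system.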