Merge remote-tracking branch 'github-kicksecure/master'

usr/lib/sysctl.d/990-security-misc.conf

@@ -168,11 +168,16 @@ kernel.perf_event_paranoid=3
 ## Can sometimes potentially indicate and thwart certain kernel exploitation attempts.
 ## Panics may be due to false-positives such as bad drivers.
 ## Oopses are serious but non-fatal errors.
-## Kernel warnings are useful to avoid a when attempting to access the location of a WARN().
+## Warnings are messages generated by the kernel to indicate unexpected conditions or errors.
+## By default, code execution continues regardless of warnings emitted by macros like WARN() and WARN_ON().
+## Note that by forcing kernel panics on oopses and warnings, this exposes the system to targeted denial of service attacks.
+## Forcing immediate system reboots on any single kernel panic is an extreme option.
 ##
 ## https://en.wikipedia.org/wiki/Kernel_panic#Linux
 ## https://en.wikipedia.org/wiki/Linux_kernel_oops
 ## https://en.wikipedia.org/wiki/Kdump_(Linux)
+## https://lwn.net/Articles/876209/
+## https://git.sr.ht/~gregkh/presentation-security/tree/3fdaf81a2f8b2c8d64cdb2f529cc714624868aa8/item/security-stuff.pdf
 ## https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panisc-on-oops-1-sysctl-for-better-security/7713
 ##
 ## KSPP=partial