Documentation fix

Aaron Rainbolt 2025-11-29 20:44:30 -06:00
parent 2b2d30afce
commit 17ab1bb00f
No known key found for this signature in database
GPG key ID: A709160D73C79109

@ -274,8 +274,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX erst_disable"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX bdev_allow_write_mounted=0"
## Restrict processes from modifying their own memory mappings.
## Prevents the use of FULL_FORCE by a processes unless via ptrace() for debugging.
## Limit self-modification which can be used trigger race condition vulnerabilities.
## Prevents the use of /proc/PID/mem to write to protected pages via the kernel's
## mem_rw() FOLL_FORCE flag. This makes it harder to trick applications into
## overwriting their own memory.
##
## https://lore.kernel.org/lkml/20240712-vfs-procfs-ce7e6c7cf26b@brauner/
## https://lwn.net/Articles/983169/
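Review bot: The reworded description (the three lines starting "Prevents the use of /proc/PID/mem") no longer says whether ptrace() debugging is still allowed to use FOLL_FORCE, which the earlier wording "unless via ptrace() for debugging" did state. If that exception still applies to the value configured here, keep one sentence for it so that someone attaching a debugger knows what behaviour to expect. The phrase "protected pages" could also name the protection meant, for example pages mapped without write permission, since the heading line above speaks of "memory mappings" and the two terms are not obviously the same thing to a reader. The correction of "FULL_FORCE" to "FOLL_FORCE" and the switch to describing the /proc/PID/mem path through mem_rw() match the linked lore.kernel.org and LWN references.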