Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-02 19:54:52 -04:00
Code Issues Projects Releases Packages Wiki Activity

merge

Browse source
This commit is contained in:
Patrick Schleizer 2019-12-23 03:37:28 -05:00
parent 535c258b83
commit 1ff51ee061
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
debian/control vendored
View file

@ -56,7 +56,9 @@ Description: enhances misc security settings
* Slab merging is disabled as sometimes a slab can be used in a vulnerable
way which an attacker can exploit.
.
* Sanity checks, redzoning, and memory poisoning are enabled.
* Sanity checks and redzoning are enabled.
.
* Memory zeroing at allocation and free time is enabled.
.
* Machine checks (MCE) are disabled which makes the kernel panic
on uncorrectable errors in ECC memory that could be exploited.
@ -106,6 +108,14 @@ Description: enhances misc security settings
.
* The MSR kernel module is blacklisted to prevent CPU MSRs from being
abused to write to arbitrary memory.
.
* Vsyscalls are disabled as they are obsolete, are at fixed addresses and are
a target for ROP.
.
* Page allocator freelist randomization is enabled.
.
* Kernel lockdown is enabled.
.
.
Improve Entropy Collection
.