Patrick Schleizer 2019-12-23 03:37:28 -05:00
parent 535c258b83
commit 1ff51ee061
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

debian/control vendored

@ -56,7 +56,9 @@ Description: enhances misc security settings
* Slab merging is disabled as sometimes a slab can be used in a vulnerable * Slab merging is disabled as sometimes a slab can be used in a vulnerable
way which an attacker can exploit. way which an attacker can exploit.
. .
* Sanity checks, redzoning, and memory poisoning are enabled. * Sanity checks and redzoning are enabled.
.
* Memory zeroing at allocation and free time is enabled.
. .
* Machine checks (MCE) are disabled which makes the kernel panic * Machine checks (MCE) are disabled which makes the kernel panic
on uncorrectable errors in ECC memory that could be exploited. on uncorrectable errors in ECC memory that could be exploited.
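Review bot: In the reworded sanity-checks bullet, "memory poisoning" disappears from the description, and the new bullet "Memory zeroing at allocation and free time is enabled." gives no reason, whereas the neighbouring slab-merging and MCE bullets each explain why the setting matters. Suggest saying explicitly whether zeroing replaces poisoning or poisoning was simply dropped, and adding a short rationale clause to the new bullet so the package description matches what is actually configured.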
@ -106,6 +108,14 @@ Description: enhances misc security settings
. .
* The MSR kernel module is blacklisted to prevent CPU MSRs from being * The MSR kernel module is blacklisted to prevent CPU MSRs from being
abused to write to arbitrary memory. abused to write to arbitrary memory.
.
* Vsyscalls are disabled as they are obsolete, are at fixed addresses and are
a target for ROP.
.
* Page allocator freelist randomization is enabled.
.
* Kernel lockdown is enabled.
.
. .
Improve Entropy Collection Improve Entropy Collection
. .
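Review bot: The added block ends with its own "." separator directly before the existing "." line that precedes "Improve Entropy Collection", so the description gets two consecutive paragraph separators at that point; drop the trailing added ".". The bullets "Page allocator freelist randomization is enabled." and "Kernel lockdown is enabled." also state no reason, unlike the vsyscall bullet above them; a short clause each on what they protect against would keep the list consistent.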