Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-12-16 11:43:58 -05:00
Code Issues Projects Releases Packages Wiki Activity

disable vm.unprivileged_userfaultfd=0 for now

Browse source 
because broken

https://forums.whonix.org/t/kernel-hardening/7296/406

reverts "Restrict the userfaultfd() syscall to root as it can make heap sprays easier."

https://duasynt.com/blog/linux-kernel-heap-spray
This commit is contained in:
Patrick Schleizer 2020-03-08 08:07:10 -04:00
parent 44351ec9b7
commit 284a491100
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
etc/sysctl.d/30_security-misc.conf
View file

@ -134,8 +134,10 @@ kernel.sysrq=132
## https://lkml.org/lkml/2019/4/15/890 ## https://lkml.org/lkml/2019/4/15/890
dev.tty.ldisc_autoload=0 dev.tty.ldisc_autoload=0
## Disable for now.
## https://forums.whonix.org/t/kernel-hardening/7296/406
## Restrict the userfaultfd() syscall to root as it can make heap sprays ## Restrict the userfaultfd() syscall to root as it can make heap sprays
## easier. ## easier.
## ##
## https://duasynt.com/blog/linux-kernel-heap-spray ## https://duasynt.com/blog/linux-kernel-heap-spray
vm.unprivileged_userfaultfd=0 #vm.unprivileged_userfaultfd=0