Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-08 09:17:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Provide optional sysctl fs.binfmt_misc.status=0"

Browse Source 
This reverts commit debd7a7b7a.
This commit is contained in:
Raja Grewal 2024-08-15 11:46:56 +10:00
parent debd7a7b7a
commit 326d82a9be
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
2 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -57,9 +57,8 @@ space, user space, core dumps, and swap space.
- Increase the maximum number of memory map areas a process is able to utilize. - Increase the maximum number of memory map areas a process is able to utilize.
- Provide the option to disallow registering interpreters for various (miscellaneous) - Disallow registering interpreters for various (miscellaneous) binary formats based
binary formats based on a magic number or their file extension to prevent on a magic number or their file extension to prevent unintended code execution.
unintended code execution.
- Disable core dump files and prevent their creation. If core dump files are - Disable core dump files and prevent their creation. If core dump files are
enabled, they will be named based on `core.PID` instead of the default `core`. enabled, they will be named based on `core.PID` instead of the default `core`.

5
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -206,11 +206,8 @@ vm.max_map_count=1048576
## https://en.wikipedia.org/wiki/Binfmt_misc ## https://en.wikipedia.org/wiki/Binfmt_misc
## https://security.stackexchange.com/questions/271786/does-allowing-binfmt-misc-significantly-increase-the-attack-surface-for-unprivil ## https://security.stackexchange.com/questions/271786/does-allowing-binfmt-misc-significantly-increase-the-attack-surface-for-unprivil
## https://unix.stackexchange.com/questions/439569/what-kinds-of-executable-formats-do-the-files-under-proc-sys-fs-binfmt-misc-al ## https://unix.stackexchange.com/questions/439569/what-kinds-of-executable-formats-do-the-files-under-proc-sys-fs-binfmt-misc-al
## https://github.com/Kicksecure/security-misc/pull/249
## ##
## The default kernel setting will be utilized until provided sufficient evidence to modify. fs.binfmt_misc.status=0
##
#fs.binfmt_misc.status=0
## 3. Core Dumps: ## 3. Core Dumps:
## ##