Merge remote-tracking branch 'origin/master'

This commit is contained in:
Patrick Schleizer 2020-01-11 15:14:43 -05:00
commit 3fae8e771f
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 13 additions and 0 deletions

3
debian/control vendored
View File

@ -113,6 +113,9 @@ Description: enhances misc security settings
a target for ROP. a target for ROP.
. .
* Page allocator freelist randomization is enabled. * Page allocator freelist randomization is enabled.
.
* The vivid kernel module is blacklisted as it's only required for testing and
has been the cause of multiple vulnerabilities.
. .
Improve Entropy Collection Improve Entropy Collection
. .

10
etc/modprobe.d/vivid.conf Normal file
View File

@ -0,0 +1,10 @@
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
## Blacklists the vivid kernel module as it's only required for
## testing and has been the cause of multiple vulnerabilities.
##
## https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/233
## https://www.openwall.com/lists/oss-security/2019/11/02/1
## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475
install vivid /bin/false