mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-28 14:09:23 -05:00
Merge pull request #65 from madaidan/userfaultfd
Restrict the userfaultfd() syscall to root
This commit is contained in:
commit
453aa8a4eb
2
debian/control
vendored
2
debian/control
vendored
@ -125,6 +125,8 @@ Description: enhances misc security settings
|
||||
Secure Attention Key.
|
||||
.
|
||||
* Restricts loading line disciplines to `CAP_SYS_MODULE`.
|
||||
.
|
||||
* Restricts the `userfaultfd()` syscall to root.
|
||||
.
|
||||
Improve Entropy Collection
|
||||
.
|
||||
|
@ -133,3 +133,9 @@ kernel.sysrq=132
|
||||
##
|
||||
## https://lkml.org/lkml/2019/4/15/890
|
||||
dev.tty.ldisc_autoload=0
|
||||
|
||||
## Restrict the userfaultfd() syscall to root as it can make heap sprays
|
||||
## easier.
|
||||
##
|
||||
## https://duasynt.com/blog/linux-kernel-heap-spray
|
||||
vm.unprivileged_userfaultfd=0
|
||||
|
Loading…
Reference in New Issue
Block a user