mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
Merge pull request #265 from raja-grewal/mmap_min_addr
Set `sysctl vm.mmap_min_addr=65536`
This commit is contained in:
commit
563a898013
@ -68,6 +68,9 @@ User space:
|
|||||||
|
|
||||||
- Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.
|
- Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.
|
||||||
|
|
||||||
|
- Raise the minimum address a process can request for memory mapping to 64KB to
|
||||||
|
protect against kernel null pointer dereference vulnerabilities.
|
||||||
|
|
||||||
- Increase the maximum number of memory map areas a process is able to utilize.
|
- Increase the maximum number of memory map areas a process is able to utilize.
|
||||||
|
|
||||||
- Optional - Disallow registering interpreters for various (miscellaneous) binary formats based
|
- Optional - Disallow registering interpreters for various (miscellaneous) binary formats based
|
||||||
|
@ -274,6 +274,20 @@ fs.protected_regular=2
|
|||||||
##
|
##
|
||||||
kernel.randomize_va_space=2
|
kernel.randomize_va_space=2
|
||||||
|
|
||||||
|
## Raise the minimum address a process can request for memory mapping to 64KB as a form of defense-in-depth.
|
||||||
|
## Prevents kernel null pointer dereference vulnerabilities which may trigger kernel panics.
|
||||||
|
## Protects against local unprivileged users gaining root privileges by mapping data to low memory pages.
|
||||||
|
## Some legacy applications may still depend on low virtual memory addresses for proper functionality.
|
||||||
|
##
|
||||||
|
## https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
|
||||||
|
## https://access.redhat.com/articles/20484
|
||||||
|
## https://wiki.debian.org/mmap_min_addr
|
||||||
|
##
|
||||||
|
## KSPP=yes
|
||||||
|
## KSPP sets CONFIG_DEFAULT_MMAP_MIN_ADDR=65536.
|
||||||
|
##
|
||||||
|
vm.mmap_min_addr=65536
|
||||||
|
|
||||||
## Increase the maximum number of memory map areas a process is permitted to utilize.
|
## Increase the maximum number of memory map areas a process is permitted to utilize.
|
||||||
## Addresses performance, crash, and start-up issues for some memory-intensive applications.
|
## Addresses performance, crash, and start-up issues for some memory-intensive applications.
|
||||||
## Required to accommodate the very large number of guard pages created by hardened_malloc.
|
## Required to accommodate the very large number of guard pages created by hardened_malloc.
|
||||||
|
Loading…
Reference in New Issue
Block a user