Merge remote-tracking branch 'origin/master'

debian/control

@@ -121,6 +121,9 @@ Description: enhances misc security settings
  The default umask is changed to 006. This allows only the owner and group to
  read and write to newly created files.
  .
+ The kernel now panics on oopses to prevent it from continuing running a
+ flawed process.
+ .
  Su is restricted to only users within the root group which prevents users from
  using su to gain root access or switch user accounts.
  .
@@ -128,3 +131,4 @@ Description: enhances misc security settings
  .
  The amount of hashing rounds used by shadow is bumped to 65536. This increases
  the security of hashed passwords.
+

etc/X11/Xsession.d/50panic_on_oops

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+if [ -x /usr/lib/security-misc/panic-on-oops ]; then
+   sudo --non-interactive /usr/lib/security-misc/panic-on-oops
+fi

etc/sudoers.d/security-misc

@@ -0,0 +1,4 @@
+## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+user ALL=NOPASSWD: /usr/lib/security-misc/panic-on-oops

usr/lib/security-misc/panic-on-oops

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+# Makes the kernel panic on oopses.
+sysctl kernel.panic_on_oops=1