Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source
This commit is contained in:
Patrick Schleizer 2020-02-29 07:34:46 -05:00
commit 63c6405ab7
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/control vendored
View File

@ -125,6 +125,8 @@ Description: enhances misc security settings
Secure Attention Key. Secure Attention Key.
. .
* Restricts loading line disciplines to `CAP_SYS_MODULE`. * Restricts loading line disciplines to `CAP_SYS_MODULE`.
.
* Restricts the `userfaultfd()` syscall to root.
. .
Improve Entropy Collection Improve Entropy Collection
. .

6
etc/sysctl.d/30_security-misc.conf
View File

@ -133,3 +133,9 @@ kernel.sysrq=132
## ##
## https://lkml.org/lkml/2019/4/15/890 ## https://lkml.org/lkml/2019/4/15/890
dev.tty.ldisc_autoload=0 dev.tty.ldisc_autoload=0
## Restrict the userfaultfd() syscall to root as it can make heap sprays
## easier.
##
## https://duasynt.com/blog/linux-kernel-heap-spray
vm.unprivileged_userfaultfd=0