Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-01 00:44:17 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #20 from madaidan/patch-15

Browse source 
Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt
This commit is contained in:
Patrick Schleizer 2019-07-06 11:06:25 +00:00 committed by GitHub
commit 649878fdcb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
debian/control vendored
View file

@ -95,7 +95,7 @@ Description: enhances misc security settings
. .
All mitigations for the MDS vulnerability are enabled. All mitigations for the MDS vulnerability are enabled.
. .
DCCP, SCTP, TIPC and RDS are blacklisted as they are rarely used and may have DCCP, SCTP, TIPC, RDS and HDLC are blacklisted as they are rarely used and may have
unknown vulnerabilities. unknown vulnerabilities.
. .
The kernel logs are restricted to root only. The kernel logs are restricted to root only.

4
etc/modprobe.d/blacklist-dma.conf
View file

@ -1,3 +1,3 @@
# Blacklist thunderbolt and firewire to prevent some DMA attacks. # Blacklist thunderbolt and firewire to prevent some DMA attacks.
blacklist firewire-core install firewire-core /bin/true
blacklist thunderbolt install thunderbolt /bin/true

1
etc/modprobe.d/uncommon-network-protocols.conf
View file

@ -3,3 +3,4 @@ install dccp /bin/true
install sctp /bin/true install sctp /bin/true
install rds /bin/true install rds /bin/true
install tipc /bin/true install tipc /bin/true
install n-hdlc /bin/true