Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-17 02:52:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

Restrict the userfaultfd() syscall to root

Browse source
This commit is contained in:
madaidan 2020-02-24 18:23:15 +00:00 committed by GitHub
parent c7f2537930
commit 6b64b36b01
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
etc/sysctl.d/30_security-misc.conf
View file

@ -133,3 +133,9 @@ kernel.sysrq=132
##
## https://lkml.org/lkml/2019/4/15/890
dev.tty.ldisc_autoload=0
## Restrict the userfaultfd() syscall to root as it can make heap sprays
## easier.
##
## https://duasynt.com/blog/linux-kernel-heap-spray
vm.unprivileged_userfaultfd=0