Add details on ASLR and move to user space section

This commit is contained in:
Raja Grewal 2024-08-16 13:39:11 +10:00
parent a132980023
commit 84376d23fc
No known key found for this signature in database
GPG key ID: 92CA473C156B64C4
2 changed files with 11 additions and 9 deletions


@ -120,13 +120,6 @@ kernel.perf_event_paranoid=3
#kernel.panic_on_oops=1
#kernel.panic=-1
## Enable ASLR for mmap base, stack, VDSO pages, and heap.
## Heap randomization can lead to breakages with legacy applications.
##
## https://en.wikipedia.org/wiki/Address_space_layout_randomization#Linux
##
kernel.randomize_va_space=2
## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
## Can lead to privilege escalation by pushing characters into a controlling TTY.
## Will break out-dated screen readers that continue to rely on this legacy functionality.
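Review bot: the hunk header's count dropping from 13 to 6 lines matches the seven lines of the ASLR comment block and `kernel.randomize_va_space=2` being removed, so nothing else in the kernel section is touched here; that is consistent with the commit message. One thing to verify once the rendered view has lost its `+`/`-` markers: the `#kernel.panic*` lines and the TIOCSTI comment now sit back to back, so make sure the file still has whatever separator it uses between unrelated settings elsewhere.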
@ -205,6 +198,15 @@ fs.protected_symlinks=1
fs.protected_fifos=2
fs.protected_regular=2
## Enable ASLR for mmap base, stack, VDSO pages, and heap.
## Forces shared libraries to be loaded to random addresses
## Start location of PIE-linked binaries is randomized.
## Heap randomization can lead to breakages with legacy applications.
##
## https://en.wikipedia.org/wiki/Address_space_layout_randomization#Linux
##
kernel.randomize_va_space=2
## Increase the maximum number of memory map areas a process is permitted to utilize.
## Addresses performance, crash, and start-up issues for some memory-intensive applications.
## Required to accommodate the very large number of guard pages created by hardened_malloc.
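Review bot: the comment block says heap randomization can break legacy applications but does not tell the reader what to fall back to; consider adding a line noting that `kernel.randomize_va_space=1` keeps mmap base, stack and VDSO randomization while leaving the heap (brk) unrandomized, and that lowering it is a weakening, not a fix. Also worth a caveat next to "Start location of PIE-linked binaries is randomized.": this only applies to executables built as PIE, so non-PIE binaries keep a fixed load address regardless of this sysctl. Minor style point: "## Forces shared libraries to be loaded to random addresses" is the only comment line in the block without a trailing period.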