From 9db63d97770e62749c0b602dd9e7d2d4d6a1128b Mon Sep 17 00:00:00 2001 From: raja-grewal Date: Mon, 13 Oct 2025 01:01:14 +0000 Subject: [PATCH] README: Update KSSP compliance status --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a73f6b0..7bb18f7 100644 --- a/README.md +++ b/README.md @@ -279,23 +279,15 @@ there are a few cases of partial or non-compliance due to technical limitations. More than 30 kernel boot parameters and over 30 sysctl settings are fully aligned with the KSPP's recommendations. -**Partial compliance:** - -1. `sysctl kernel.yama.ptrace_scope=3` - -Completely disables `ptrace()`. Can be enabled easily if needed. - -* [security-misc pull request #242](https://github.com/Kicksecure/security-misc/pull/242) - **Non-compliance:** -2. `sysctl user.max_user_namespaces=0` +1. `sysctl user.max_user_namespaces=0` Disables user namespaces entirely. Not recommended due to the potential for widespread breakages. * [security-misc pull request #263](https://github.com/Kicksecure/security-misc/pull/263) -3. `sysctl fs.binfmt_misc.status=0` +2. `sysctl fs.binfmt_misc.status=0` Disables the registration of interpreters for miscellaneous binary formats. Currently not feasible due to compatibility issues with Firefox. @@ -303,6 +295,14 @@ feasible due to compatibility issues with Firefox. * [security-misc pull request #249](https://github.com/Kicksecure/security-misc/pull/249) * [security-misc issue #267](https://github.com/Kicksecure/security-misc/issues/267) +3. Kernel boot parameter `hash_pointers=always` + +Forces all exposed pointers to be hashed and must be used in combination with already enabled +kernel boot parameter `slab_debug=FZ`. Currently not possible as requires Linux kernel >= 6.17. + +* [security-misc issue #253](https://github.com/Kicksecure/security-misc/issues/253) +* [security-misc pull request #325](https://github.com/Kicksecure/security-misc/pull/325) + ### Kernel Modules #### Kernel Module Signature Verification