From a662a76a52970530a4a3c3d6a284ce9400dc74c6 Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Sat, 11 Jan 2020 18:37:00 +0000
Subject: [PATCH] Blacklist vivid

---
 etc/modprobe.d/vivid.conf | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 etc/modprobe.d/vivid.conf

diff --git a/etc/modprobe.d/vivid.conf b/etc/modprobe.d/vivid.conf
new file mode 100644
index 0000000..f8d8059
--- /dev/null
+++ b/etc/modprobe.d/vivid.conf
@@ -0,0 +1,10 @@
+## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+## Blacklists the vivid kernel module as it's only required for
+## testing and has been the cause of multiple vulnerabilities.
+##
+## https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/233
+## https://www.openwall.com/lists/oss-security/2019/11/02/1
+## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475
+install vivid /bin/false