Document ldisc_autoload better

madaidan 2020-02-15 17:30:21 +00:00 committed by GitHub
parent 757df8fceb
commit a79ce7fa68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -126,7 +126,10 @@ net.ipv4.tcp_timestamps=0
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079/ ## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079/
kernel.sysrq=132 kernel.sysrq=132
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent ## Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent
## unprivileged attackers from loading vulnerable line disciplines ## unprivileged attackers from loading vulnerable line disciplines
## with the TIOCSETD ioctl to exploit them. ## with the TIOCSETD ioctl which has been used in exploits before
## such as https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
##
## https://lkml.org/lkml/2019/4/15/890
dev.tty.ldisc_autoload=0 dev.tty.ldisc_autoload=0
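
Review bot: The added comment above dev.tty.ldisc_autoload=0 leaves its two references hard to tell apart: the sentence "with the TIOCSETD ioctl which has been used in exploits before such as ..." runs straight into the first URL, and the lkml.org link after the bare "##" line has no label at all. Suggest a comma before "which", naming CVE-2017-2636 in words rather than only inside the URL, and adding a short phrase saying what the lkml.org thread documents, so a reader of the sysctl file can see which link is the exploit write-up and which is the reference for the setting without opening either.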