readme

2025-01-13 14:59:29 -05:00 · 2019-10-05 09:39:05 +00:00 · 2019-10-05 09:39:05 +00:00 · aaebb32b66
commit aaebb32b66
parent c87fc75f2a
1 changed files with 7 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -68,6 +68,13 @@ flawed process.
 a history of security concerns.
 https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns

+* A systemd service restricts /proc/cpuinfo, /proc/bus, /proc/scsi and
+/sys to the root user only. This hides a lot of hardware identifiers from
+unprivileged users and increases security as /sys exposes a lot of information
+that shouldn't be accessible to unprivileged users. As this will break many
+things, it is disabled by default and can optionally be enabled by running
+`systemctl enable hide-hardware-info.service` as root.
+
 Uncommon network protocols are blacklisted:
 These are rarely used and may have unknown vulnerabilities.
 /etc/modprobe.d/uncommon-network-protocols.conf