mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 05:49:22 -05:00
Merge pull request #59 from madaidan/ldisc
Restrict loading line disciplines to CAP_SYS_MODULE
This commit is contained in:
commit
ac8757a031
2
debian/control
vendored
2
debian/control
vendored
@ -119,6 +119,8 @@ Description: enhances misc security settings
|
||||
.
|
||||
* The kernel panics on oopses to prevent it from continuing to run a flawed
|
||||
process and to deter brute forcing.
|
||||
.
|
||||
* Restricts loading line disciplines to CAP_SYS_MODULE.
|
||||
.
|
||||
Improve Entropy Collection
|
||||
.
|
||||
|
@ -118,3 +118,8 @@ net.ipv4.conf.all.rp_filter=1
|
||||
net.ipv4.tcp_timestamps=0
|
||||
|
||||
#### meta end
|
||||
|
||||
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent
|
||||
## unprivileged attackers from loading vulnerable line disciplines
|
||||
## with the TIOCSETD ioctl to exploit them.
|
||||
dev.tty.ldisc_autoload=0
|
||||
|
Loading…
Reference in New Issue
Block a user