Merge pull request #59 from madaidan/ldisc

Restrict loading line disciplines to CAP_SYS_MODULE
Patrick Schleizer 2020-02-15 10:09:46 +00:00 committed by GitHub
commit ac8757a031
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions

debian/control vendored

@ -119,6 +119,8 @@ Description: enhances misc security settings
.
* The kernel panics on oopses to prevent it from continuing to run a flawed
process and to deter brute forcing.
.
* Restricts loading line disciplines to CAP_SYS_MODULE.
.
Improve Entropy Collection
.
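Review bot: The new bullet "* Restricts loading line disciplines to CAP_SYS_MODULE." states the restriction but not its purpose, unlike the bullet before it, which explains that panicking on oopses deters brute forcing. Suggest adding the reason already given in the sysctl comment of this same commit, namely that it prevents unprivileged attackers from loading vulnerable line disciplines with the TIOCSETD ioctl, so the package description stays self-explanatory.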


@ -118,3 +118,8 @@ net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_timestamps=0
#### meta end
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent
## unprivileged attackers from loading vulnerable line disciplines
## with the TIOCSETD ioctl to exploit them.
dev.tty.ldisc_autoload=0
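Review bot: The comment above dev.tty.ldisc_autoload=0 says loading is restricted to CAP_SYS_MODULE but does not tie that to the key's name, so a reader cannot tell that the setting turns off autoloading of line discipline modules rather than line disciplines as a whole. Suggest wording such as "Disable autoloading of line discipline modules for processes without CAP_SYS_MODULE". The block also lands after "#### meta end", directly below the net.ipv4 settings; if the file is grouped by topic, it would sit better next to the other kernel hardening entries.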