Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-13 10:59:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #59 from madaidan/ldisc

Browse Source 
Restrict loading line disciplines to CAP_SYS_MODULE
This commit is contained in:
Patrick Schleizer 2020-02-15 10:09:46 +00:00 committed by GitHub
commit ac8757a031
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/control vendored
View File

@ -119,6 +119,8 @@ Description: enhances misc security settings
. .
* The kernel panics on oopses to prevent it from continuing to run a flawed * The kernel panics on oopses to prevent it from continuing to run a flawed
process and to deter brute forcing. process and to deter brute forcing.
.
* Restricts loading line disciplines to CAP_SYS_MODULE.
. .
Improve Entropy Collection Improve Entropy Collection
. .

5
etc/sysctl.d/30_security-misc.conf
View File

@ -118,3 +118,8 @@ net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_timestamps=0 net.ipv4.tcp_timestamps=0
#### meta end #### meta end
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent
## unprivileged attackers from loading vulnerable line disciplines
## with the TIOCSETD ioctl to exploit them.
dev.tty.ldisc_autoload=0