Provide the option to disable legacy TIOCSTI operation

This commit is contained in:
Raja Grewal 2024-08-03 00:25:49 +10:00
parent 52aeacb4da
commit ca2179bb6a
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
2 changed files with 10 additions and 0 deletions


@ -47,6 +47,9 @@ space, user space, core dumps, and swap space.
- Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap. - Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.
- Provide the option to disable the use of legacy TIOCSTI operation which can be
used to inject keypresses.
- Disable asynchronous I/O as `io_uring` has been the source - Disable asynchronous I/O as `io_uring` has been the source
of numerous kernel exploits (when using Linux kernel version >= 6.6). of numerous kernel exploits (when using Linux kernel version >= 6.6).
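Review bot: the new bullet in this hunk omits the kernel version the option depends on, while the neighbouring io_uring bullet carries one ("when using Linux kernel version >= 6.6"); the dev.tty.legacy_tiocsti sysctl only exists from Linux 6.2, so the bullet should say so for consistency, e.g. "- Provide the option to disable the legacy TIOCSTI ioctl, which can be used to inject keypresses into a controlling TTY (when using Linux kernel version >= 6.2)." That rewording also fixes the missing article in "disable the use of legacy TIOCSTI operation".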


@ -129,6 +129,13 @@ kernel.perf_event_paranoid=3
## ##
kernel.randomize_va_space=2 kernel.randomize_va_space=2
## Disable use of the legacy TIOCSTI operation which can be used to inject keypresses.
## Will break screen readers as can no longer push characters into a controlling TTY.
##
## This is disabled by default when using Linux kernel >= 6.2.
##
#dev.tty.legacy_tiocsti=0
## Disable asynchronous I/O for all processes. ## Disable asynchronous I/O for all processes.
## Leading cause of numerous kernel exploits. ## Leading cause of numerous kernel exploits.
## Disabling will reduce the read/write performance of storage devices. ## Disabling will reduce the read/write performance of storage devices.
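Review bot: the comment "This is disabled by default when using Linux kernel >= 6.2" on this hunk is inaccurate: 6.2 is the release that introduced CONFIG_LEGACY_TIOCSTI and the dev.tty.legacy_tiocsti sysctl, but the upstream Kconfig default is y, so TIOCSTI stays enabled unless the distribution built the kernel with CONFIG_LEGACY_TIOCSTI=n, and on kernels older than 6.2 the key does not exist at all. Suggest "## Requires Linux kernel >= 6.2; the default is taken from CONFIG_LEGACY_TIOCSTI (upstream default: enabled)." Two smaller points: since the setting ships commented out (#dev.tty.legacy_tiocsti=0), the comment should state that it is left disabled because of the screen-reader breakage noted two lines above and that users without that need should uncomment it; and if it is enabled, writing it as -dev.tty.legacy_tiocsti=0 (leading "-", as documented in sysctl.d(5)) keeps the rest of the file applying cleanly on a kernel that lacks the key.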