Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #258 from raja-grewal/legacy_tiocsti

Browse Source 
Enable `dev.tty.legacy_tiocsti=0`
This commit is contained in:
Patrick Schleizer 2024-08-06 09:48:08 -04:00 committed by GitHub
commit ce60d5615f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -47,8 +47,7 @@ space, user space, core dumps, and swap space.
- Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.
- Provide the option to disable the use of legacy TIOCSTI operation which can be
used to inject keypresses.
- Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
- Disable asynchronous I/O as `io_uring` has been the source
of numerous kernel exploits (when using Linux kernel version >= 6.6).

10
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -127,12 +127,14 @@ kernel.perf_event_paranoid=3
##
kernel.randomize_va_space=2
## Disable use of the legacy TIOCSTI operation which can be used to inject keypresses.
## Will break screen readers as can no longer push characters into a controlling TTY.
##
## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
## Can lead to privilege escalation by pushing characters into a controlling TTY.
## Will break out-dated screen readers that continue to rely on this legacy functionality.
## This is disabled by default when using Linux kernel >= 6.2.
##
#dev.tty.legacy_tiocsti=0
## https://lore.kernel.org/lkml/20221228205726.rfevry7ud6gmttg5@begin/T/
##
dev.tty.legacy_tiocsti=0
## Disable asynchronous I/O for all processes.
## Leading cause of numerous kernel exploits.