Add some notices for future Debian 13 rebase

2025-01-05 20:10:49 -05:00 · 2024-08-09 13:33:32 +10:00 · 2024-08-09 13:33:32 +10:00 · d8bcec881f
commit d8bcec881f
parent 0b0683499a
2 changed files with 5 additions and 1 deletions
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@ -172,6 +172,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
 ##
 ## https://lore.kernel.org/all/20230623111409.3047467-7-nik.borisov@suse.com/
 ##
+## TODO: Debian 13 Trixie
 ## Applicable when using Linux kernel >= 6.7 (retained here for future-proofing and completeness).
 ##
 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ia32_emulation=0"
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@ -130,10 +130,12 @@ kernel.randomize_va_space=2
 ## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
 ## Can lead to privilege escalation by pushing characters into a controlling TTY.
 ## Will break out-dated screen readers that continue to rely on this legacy functionality.
-## This is disabled by default when using Linux kernel >= 6.2.
 ##
 ## https://lore.kernel.org/lkml/20221228205726.rfevry7ud6gmttg5@begin/T/
 ##
+## TODO: Debian 13 Trixie
+## This is disabled by default when using Linux kernel >= 6.2.
+##
 dev.tty.legacy_tiocsti=0

 ## Disable asynchronous I/O for all processes.
@ -146,6 +148,7 @@ dev.tty.legacy_tiocsti=0
 ## https://github.com/moby/moby/pull/46762
 ## https://forums.whonix.org/t/io-uring-security-vulnerabilties/16890
 ##
+## TODO: Debian 13 Trixie
 ## Applicable when using Linux kernel >= 6.6 (retained here for future-proofing and completeness).
 ##
 kernel.io_uring_disabled=2