Merge pull request #21 from madaidan/patch-16

Make the kernel panic on oopses
2025-01-26 03:56:00 -05:00 · 2019-07-09 10:54:48 +00:00 · 2019-07-09 10:54:48 +00:00 · e4bb77037e
commit e4bb77037e
parent a9441e7be4 0f15303eb4
4 changed files with 23 additions and 0 deletions
--- a/debian/control
+++ b/debian/control
@ -121,6 +121,9 @@ Description: enhances misc security settings
 The default umask is changed to 006. This allows only the owner and group to
 read and write to newly created files.
 .
+ The kernel now panics on oopses to prevent it from continuing running a
+ flawed process.
+ .
 Su is restricted to only users within the root group which prevents users from
 using su to gain root access or switch user accounts.
 .
@ -128,3 +131,4 @@ Description: enhances misc security settings
 .
 The amount of hashing rounds used by shadow is bumped to 65536. This increases
 the security of hashed passwords.
+
--- a/etc/X11/Xsession.d/50panic_on_oops
+++ b/etc/X11/Xsession.d/50panic_on_oops
@ -0,0 +1,8 @@
+#!/bin/sh
+
+## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+if [ -x /usr/lib/security-misc/panic-on-oops ]; then
+   sudo --non-interactive /usr/lib/security-misc/panic-on-oops
+fi
--- a/etc/sudoers.d/security-misc
+++ b/etc/sudoers.d/security-misc
@ -0,0 +1,4 @@
+## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+user ALL=NOPASSWD: /usr/lib/security-misc/panic-on-oops
--- a/usr/lib/security-misc/panic-on-oops
+++ b/usr/lib/security-misc/panic-on-oops
@ -0,0 +1,7 @@
+#!/bin/bash
+
+## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+# Makes the kernel panic on oopses.
+sysctl kernel.panic_on_oops=1