From a662a76a52970530a4a3c3d6a284ce9400dc74c6 Mon Sep 17 00:00:00 2001 From: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat, 11 Jan 2020 18:37:00 +0000 Subject: [PATCH 1/2] Blacklist vivid --- etc/modprobe.d/vivid.conf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 etc/modprobe.d/vivid.conf diff --git a/etc/modprobe.d/vivid.conf b/etc/modprobe.d/vivid.conf new file mode 100644 index 0000000..f8d8059 --- /dev/null +++ b/etc/modprobe.d/vivid.conf @@ -0,0 +1,10 @@ +## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP +## See the file COPYING for copying conditions. + +## Blacklists the vivid kernel module as it's only required for +## testing and has been the cause of multiple vulnerabilities. +## +## https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/233 +## https://www.openwall.com/lists/oss-security/2019/11/02/1 +## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475 +install vivid /bin/false From 6088444c371f021ca23daa3a0ab1ee431d429a61 Mon Sep 17 00:00:00 2001 From: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat, 11 Jan 2020 18:38:17 +0000 Subject: [PATCH 2/2] Update control --- debian/control | 3 +++ 1 file changed, 3 insertions(+) diff --git a/debian/control b/debian/control index 9e56d6c..cc4d29f 100644 --- a/debian/control +++ b/debian/control @@ -113,6 +113,9 @@ Description: enhances misc security settings a target for ROP. . * Page allocator freelist randomization is enabled. + . + * The vivid kernel module is blacklisted as it's only required for testing and + has been the cause of multiple vulnerabilities. . Improve Entropy Collection .
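Review bot: in the new etc/modprobe.d/vivid.conf, the header comment says the file "Blacklists the vivid kernel module", but the only directive is `install vivid /bin/false`, which is an install override and not a `blacklist vivid` entry. The two behave differently. A blacklist entry only stops alias-based autoloading, while the install override makes every modprobe request for vivid run /bin/false and fail, including an explicit `modprobe vivid`. If the stronger behaviour is what is wanted, the comment should say the module is disabled through an install override. It would also help to state that this only covers loads that go through modprobe, so readers do not take it as a guarantee that the module can never be loaded. Minor: the copyright range in the new file ends at 2019, while the patch is dated January 2020.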
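Review bot: in the debian/control hunk, the added description bullet says the vivid module "is blacklisted", which does not match the `install vivid /bin/false` mechanism that patch 1/2 actually ships. Suggest wording such as "is disabled" and naming etc/modprobe.d/vivid.conf, so that someone who needs vivid for testing knows which file to override. The subject "Update control" also does not say what changed. Since the bullet documents the file added in 1/2, either squash the two patches or use a subject that mentions the vivid entry.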