From f13a73e569e6adacd38aaa59f4484919a3896359 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 10 Sep 2019 12:35:42 -0400 Subject: [PATCH] undo SysRq restrictions https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079 --- README.md | 3 --- debian/control | 3 --- debian/security-misc.maintscript | 3 +++ etc/sysctl.d/sysrq.conf | 2 -- 4 files changed, 3 insertions(+), 8 deletions(-) delete mode 100644 etc/sysctl.d/sysrq.conf diff --git a/README.md b/README.md index 03a4ca6..c7f1096 100644 --- a/README.md +++ b/README.md @@ -37,9 +37,6 @@ KASLR effectiveness. * All mitigations for the MDS vulnerability are enabled. -* The SysRq key is restricted to only allow shutdowns/reboots. -/etc/sysctl.d/sysrq.conf - * A systemd service clears System.map on boot as these contain kernel symbols that could be useful to an attacker. /etc/kernel/postinst.d/30_remove-system-map diff --git a/debian/control b/debian/control index 9f28c33..f84fe57 100644 --- a/debian/control +++ b/debian/control @@ -53,9 +53,6 @@ Description: enhances misc security settings * SMT is disabled as it can be used to exploit the MDS vulnerability. . * All mitigations for the MDS vulnerability are enabled. - . - * The SysRq key is restricted to only allow shutdowns/reboots. - /etc/sysctl.d/sysrq.conf . * A systemd service clears System.map on boot as these contain kernel symbols that could be useful to an attacker. diff --git a/debian/security-misc.maintscript b/debian/security-misc.maintscript index 3dca986..2c93164 100644 --- a/debian/security-misc.maintscript +++ b/debian/security-misc.maintscript @@ -5,3 +5,6 @@ rm_conffile /etc/sudoers.d/umask-security-misc ## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23 rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg + +## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079 +rm_conffile /etc/sysctl.d/sysrq.conf 
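Review bot: The added `rm_conffile /etc/sysctl.d/sysrq.conf` entry in debian/security-misc.maintscript omits the prior-version argument, so dpkg-maintscript-helper attempts the removal on every upgrade instead of once, which could interfere if a later release ships a file at that path again. Consider `rm_conffile /etc/sysctl.d/sysrq.conf <PRIOR_VERSION>~`, where the placeholder is the last version that shipped the file (not shown on this page); the two existing entries are also version-less, so this may be a deliberate convention. The change also does not record which SysRq value applies afterwards: with the conffile gone, `kernel.sysrq` falls back to the distribution or kernel default, presumably broader than the previous 128, and a running system likely keeps the old value until sysctl is reloaded or it reboots. A comment above the new entry such as `## kernel.sysrq reverts to the distribution default once this conffile is removed` would make that explicit for anyone relying on the restriction.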
diff --git a/etc/sysctl.d/sysrq.conf b/etc/sysctl.d/sysrq.conf
deleted file mode 100644
index 266e275..0000000
--- a/etc/sysctl.d/sysrq.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Allow only rebooting/shutting down with the SysRq key.
-kernel.sysrq=128