security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
raja-grewal	81bf7a8f90	Merge branch 'Kicksecure:master' into docs	2024-08-16 16:57:01 +10:00
Patrick Schleizer	ef60c5b153	Merge pull request #249 from raja-grewal/binfmt_misc Disallow registering interpreters for miscellaneous binary formats	2024-08-16 02:43:57 -04:00
Raja Grewal	84376d23fc	Add details on ASLR and move to user space section	2024-08-16 13:39:11 +10:00
Raja Grewal	a132980023	Update README.md	2024-08-16 13:24:25 +10:00
Raja Grewal	9212a4e937	Typos	2024-08-16 13:12:07 +10:00
Raja Grewal	e3a3207a44	Clarify DMA hardening	2024-08-16 12:41:36 +10:00
raja-grewal	be9308e490	Merge branch 'Kicksecure:master' into docs	2024-08-16 11:45:43 +10:00
Patrick Schleizer	dfd1c97168	Merge pull request #248 from raja-grewal/secure_redirects Re-enable (default) `secure_redirects` for ICMP redirect messages	2024-08-15 13:46:30 -04:00
Raja Grewal	326d82a9be	Revert "Provide optional `sysctl fs.binfmt_misc.status=0`" This reverts commit `debd7a7b7a`.	2024-08-15 11:46:56 +10:00
Raja Grewal	3456f1c1d7	Minor consistency update in README.md	2024-08-09 13:39:25 +10:00
Raja Grewal	0b0683499a	Consistent line length formatting	2024-08-09 13:30:39 +10:00
Raja Grewal	ec3038c7bc	Clarify `secure_redirects`	2024-08-07 13:48:53 +10:00
Raja Grewal	debd7a7b7a	Provide optional `sysctl fs.binfmt_misc.status=0`	2024-08-07 13:33:44 +10:00
Patrick Schleizer	a25aaf900a	Merge pull request #260 from raja-grewal/vdso32 Enable `vdso32=0`	2024-08-06 09:55:20 -04:00
Patrick Schleizer	6bc039a430	Merge pull request #259 from raja-grewal/kfence Enable `kfence.sample_interval=100`	2024-08-06 09:52:56 -04:00
Patrick Schleizer	ce60d5615f	Merge pull request #258 from raja-grewal/legacy_tiocsti Enable `dev.tty.legacy_tiocsti=0`	2024-08-06 09:48:08 -04:00
Raja Grewal	8559079312	Enable `vdso32=0`	2024-08-05 15:10:02 +10:00
Raja Grewal	d102ec1997	Enable `kfence.sample_interval=100`	2024-08-05 15:07:56 +10:00
Raja Grewal	c0d140f221	Enable `dev.tty.legacy_tiocsti=0`	2024-08-05 15:06:34 +10:00
Raja Grewal	aa34d86598	Enable `slab_debug=FZ`	2024-08-05 14:27:17 +10:00
Patrick Schleizer	725118c575	Merge pull request #243 from raja-grewal/namespaces Restrict unprivileged user namespaces	2024-08-04 16:19:52 -04:00
Patrick Schleizer	6d97408a6d	Merge pull request #255 from raja-grewal/SLUB Restore option to enable `slub_debug=FZ`	2024-08-04 16:11:46 -04:00
Raja Grewal	22b6cee80c	Add details about `slub_debug`	2024-08-03 15:11:14 +10:00
Raja Grewal	b77d1a2b98	Revert "Remove the optional `slub_debug` parameter since it is no longer recommended" This reverts commit `48e1ac4163`.	2024-08-03 14:49:48 +10:00
Raja Grewal	ca2179bb6a	Provide the option to disable legacy TIOCSTI operation	2024-08-03 00:25:49 +10:00
Raja Grewal	52aeacb4da	Provide option to disable 32 bit vDSO mappings	2024-08-03 00:13:38 +10:00
Raja Grewal	9099ecce8a	Provide option to enable the kernel Electric-Fence	2024-08-03 00:12:50 +10:00
Raja Grewal	1445457626	Show details regarding `secure_redirects` (again)	2024-07-27 14:00:30 +10:00
Patrick Schleizer	886f6095db	Merge pull request #250 from raja-grewal/Panik-Kalm Add details on "oopes" and kernel panics	2024-07-26 11:08:30 -04:00
Raja Grewal	ed3336694c	Provide the option to immediately reboot on a kernel panics	2024-07-25 10:28:27 +10:00
Raja Grewal	3926b91dcf	Add documentation on `sysctl kernel.panic_on_oops=1`	2024-07-25 10:26:23 +10:00
Raja Grewal	f699eb02a2	Set `sysctl fs.binfmt_misc.status=0`	2024-07-25 10:11:33 +10:00
Raja Grewal	88c88187f2	Re-enable (default) `secure_redirects` for ICMP redirect messages	2024-07-24 17:26:50 +10:00
Raja Grewal	fb494c2ba5	Update docs relating to the `cfi=kcfi` kernel parameter	2024-07-23 13:12:13 +10:00
Raja Grewal	d6fc71dba7	Add option to switch (back) to using kCFI in the future	2024-07-22 17:26:00 +10:00
Patrick Schleizer	9f53a0182b	undo io_uring related changes as these should be done in a separate pull request (if apprpriate) https://github.com/Kicksecure/security-misc/pull/244#issuecomment-2238889062	2024-07-19 07:20:59 -04:00
Raja Grewal	95286df502	Update README.md regarding secure ICMP redirects	2024-07-18 15:28:31 +10:00
Raja Grewal	13cc1f0986	Clarify (future) disabling of `io_uring`	2024-07-18 12:25:00 +10:00
Raja Grewal	9e6facda70	Update module disabling presentation	2024-07-18 12:21:37 +10:00
Raja Grewal	faa9181a6c	Typos	2024-07-18 12:19:27 +10:00
Raja Grewal	6d211faf59	Restrict unprivileged user namespaces	2024-07-18 11:04:54 +10:00
Patrick Schleizer	5cec685cf9	spelling	2024-07-17 10:49:21 -04:00
Patrick Schleizer	821a416fe3	spelling	2024-07-17 10:43:16 -04:00
Patrick Schleizer	0da22c2031	minor	2024-07-17 09:07:31 -04:00
Patrick Schleizer	df80385289	Merge pull request #237 from raja-grewal/intel_pmt Disable some Intel PMT kernel modules	2024-07-17 09:04:18 -04:00
Patrick Schleizer	afe3c25a49	update readme https://github.com/Kicksecure/security-misc/issues/239	2024-07-17 08:58:00 -04:00
Patrick Schleizer	f7772fb85a	minor	2024-07-17 08:57:35 -04:00
Patrick Schleizer	a2802f352f	Merge remote-tracking branch 'raja/kargs'	2024-07-17 08:38:23 -04:00
Patrick Schleizer	070bb46a08	Merge remote-tracking branch 'raja/sysctl'	2024-07-17 08:02:45 -04:00
Patrick Schleizer	cf5f0edbb8	Merge remote-tracking branch 'raja/sysctl'	2024-07-17 07:59:35 -04:00

1 2 3 4

195 Commits