Commit Graph

2318 Commits

Author SHA1 Message Date
Patrick Schleizer
ced02fb9e0
add sanity test for file_name output from stat 2024-07-24 11:01:24 -04:00
Patrick Schleizer
b9dfe70a01
check first if file_name is empty 2024-07-24 10:58:05 -04:00
Patrick Schleizer
1cbda79981
check first if array is empty before parsing further 2024-07-24 10:57:13 -04:00
Patrick Schleizer
a077ae54ea
modify call of stat to use NUL delimiter
for more robust string parsing
2024-07-24 10:56:08 -04:00
Raja Grewal
1135d34ab3
Reword description of cfi=kcfi kerenel parameter 2024-07-24 23:33:36 +10:00
Patrick Schleizer
7200e9bd8c
output 2024-07-24 09:15:02 -04:00
Patrick Schleizer
1b6161c2dc
Merge remote-tracking branch 'ben-grande/fuzz' 2024-07-24 09:13:48 -04:00
Raja Grewal
88c88187f2
Re-enable (default) secure_redirects for ICMP redirect messages 2024-07-24 17:26:50 +10:00
Ben Grande
8be21b6eff
Handle newlines in file names 2024-07-23 19:36:12 +02:00
Ben Grande
aa99de68d3
Log output with defined levels 2024-07-23 18:50:16 +02:00
Ben Grande
06fbcdac1d
Prettify log messages 2024-07-23 09:55:02 +02:00
Raja Grewal
fb494c2ba5
Update docs relating to the cfi=kcfi kernel parameter 2024-07-23 13:12:13 +10:00
Ben Grande
7ee1ea2cc7
Unify functions that evaluate commands 2024-07-22 17:06:07 +02:00
Ben Grande
9c3566f524
Delimit file names with null terminator 2024-07-22 16:56:42 +02:00
Raja Grewal
d6fc71dba7
Add option to switch (back) to using kCFI in the future 2024-07-22 17:26:00 +10:00
Patrick Schleizer
d2563ed923
bumped changelog version 2024-07-21 10:40:14 +00:00
Patrick Schleizer
64f8b2eb58
Revert "no longer disable Intel ME related kernel modules"
This reverts commit 6157e328f4.

https://www.kicksecure.com/wiki/Out-of-band_Management_Technology#Intel_ME_Kernel_Modules

https://github.com/Kicksecure/security-misc/issues/239
2024-07-21 06:36:22 -04:00
Patrick Schleizer
04fb00572f
bumped changelog version 2024-07-20 17:02:05 +00:00
Patrick Schleizer
f0a478c7c9
permission hardener: allow postfix
postqueue matchwhitelist
postdrop matchwhitelist
2024-07-20 12:57:56 -04:00
Patrick Schleizer
9f53a0182b
undo io_uring related changes
as these should be done in a separate pull request (if apprpriate)

https://github.com/Kicksecure/security-misc/pull/244#issuecomment-2238889062
2024-07-19 07:20:59 -04:00
Patrick Schleizer
8791aecb38
Merge remote-tracking branch 'raja/fixes' 2024-07-19 07:19:09 -04:00
Raja Grewal
06894d1c98
Typo 2024-07-19 18:30:42 +10:00
Patrick Schleizer
2d11436432
bumped changelog version 2024-07-18 18:05:07 +00:00
Patrick Schleizer
cac5bbad99
comment 2024-07-18 14:04:00 -04:00
Patrick Schleizer
a5eed00eba
cleanup comments 2024-07-18 14:02:38 -04:00
Patrick Schleizer
21efacf1b1
cleanup duplicate comments which are already in /etc/dkms/framework.conf 2024-07-18 14:00:28 -04:00
Patrick Schleizer
61628c2baf
bumped changelog version 2024-07-18 14:11:35 +00:00
Patrick Schleizer
05cf438199
no comments / copyright allowed in .displace-extension 2024-07-18 10:11:03 -04:00
Patrick Schleizer
2ccc95f6d4
bumped changelog version 2024-07-18 14:05:23 +00:00
Raja Grewal
95286df502
Update README.md regarding secure ICMP redirects 2024-07-18 15:28:31 +10:00
Raja Grewal
13cc1f0986
Clarify (future) disabling of io_uring 2024-07-18 12:25:00 +10:00
Raja Grewal
9e6facda70
Update module disabling presentation 2024-07-18 12:21:37 +10:00
Raja Grewal
faa9181a6c
Typos 2024-07-18 12:19:27 +10:00
Raja Grewal
6d211faf59
Restrict unprivileged user namespaces 2024-07-18 11:04:54 +10:00
Raja Grewal
b04828f858
Disable the usage of ptrace() by all processes 2024-07-18 11:01:41 +10:00
Patrick Schleizer
d454f36c63
spelling 2024-07-17 11:52:29 -04:00
Patrick Schleizer
f4da582aa3
spelling 2024-07-17 11:44:17 -04:00
Patrick Schleizer
9e976474d5
spelling 2024-07-17 11:40:51 -04:00
Patrick Schleizer
b569fc02a4
spelling 2024-07-17 11:38:53 -04:00
Patrick Schleizer
a2e26f441b
spelling 2024-07-17 11:04:03 -04:00
Patrick Schleizer
c8be4ac83c
comment 2024-07-17 10:56:14 -04:00
Patrick Schleizer
24cd70a014
spelling 2024-07-17 10:55:12 -04:00
Patrick Schleizer
5cec685cf9
spelling 2024-07-17 10:49:21 -04:00
Patrick Schleizer
821a416fe3
spelling 2024-07-17 10:43:16 -04:00
Patrick Schleizer
9a387f95e9
Merge remote-tracking branch 'raja/miscellaneous' 2024-07-17 10:32:26 -04:00
Patrick Schleizer
fd41acdc72
Merge remote-tracking branch 'raja/fack_off' 2024-07-17 10:27:31 -04:00
Raja Grewal
4afe257a42
minor 2024-07-18 00:14:13 +10:00
Raja Grewal
d0a59617f6
Add missing Copyright (C) statements 2024-07-18 00:13:30 +10:00
Raja Grewal
8f3896c3da
Upgrade hyperlinks to HTTPS 2024-07-17 23:44:37 +10:00
Raja Grewal
1087387b36
Remove obsolete #net.ipv4.tcp_fack=0 2024-07-17 23:35:25 +10:00