]> git.ipfire.org Git - ipfire-3.x.git/commit
projects / ipfire-3.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 26707c0) | patch
prevent kernel address space leak via dmesg or /proc files
authorPeter Müller <peter.mueller@link38.eu>
Thu, 3 Jan 2019 17:05:40 +0000 (18:05 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 3 Jan 2019 16:31:52 +0000 (16:31 +0000)
commit5c62e4739107a7bb167c31c0f353f1ff8a150f2d
treeb6571c68db35af7a9a405a8a9bd7b53df98dfd7etree | snapshot
parent26707c0aeb54d8ab47c5e684ef99367e73834e19commit | diff
prevent kernel address space leak via dmesg or /proc files

Enable runtime sysctl hardening in order to avoid kernel
addresses being disclosed via dmesg (in case it was built
in without restrictions) or various /proc files.

See https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
for further information.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
setup/setup.nm diff | blob | blame | history
setup/sysctl/kernel-hardening.conf [new file with mode: 0644] blob
IPFire 3.x development tree