Revert "sysctl.conf: prevent autoloading of TTY line disciplines"

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 6 Oct 2020 12:26:26 +0000 (12:26 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 6 Oct 2020 12:26:26 +0000 (12:26 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 6 Oct 2020 12:26:26 +0000 (12:26 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 6 Oct 2020 12:26:26 +0000 (12:26 +0000)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf

index a100da8e946aa1a454301cab13aed18484f909c1..be7c07c857daafe58bbf67b11b4d026a54346a1a 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -39,10 +39,6 @@ net.bridge.bridge-nf-call-ip6tables = 0
  net.bridge.bridge-nf-call-iptables = 0
  net.bridge.bridge-nf-call-arptables = 0
  
-# Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent unprivileged attackers
-# from loading vulnerable line disciplines with the TIOCSETD ioctl.
-dev.tty.ldisc_autoload = 0
-
  # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
  kernel.kptr_restrict = 2
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 6 Oct 2020 12:26:26 +0000 (12:26 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 6 Oct 2020 12:26:26 +0000 (12:26 +0000)