]> git.ipfire.org Git - people/pmueller/ipfire-3.x.git/commit
projects / people / pmueller / ipfire-3.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f220ca8) | patch
prevent kernel address space leak via dmesg or /proc files kernel-hardening
authorPeter Müller <peter.mueller@ipfire.org>
Sun, 2 Dec 2018 16:26:17 +0000 (17:26 +0100)
committerPeter Müller <peter.mueller@ipfire.org>
Sun, 2 Dec 2018 16:26:17 +0000 (17:26 +0100)
commitdb7045a1a627cc7144236d18cf7afd163643398c
treeebb0e4a9f4c1f804a574eaf9cc5bc078cb1ad965tree
parentf220ca8b93823b5ce771e95bab7bc5cbf5d97f0acommit | diff
prevent kernel address space leak via dmesg or /proc files

Enable runtime sysctl hardening in order to avoid kernel
addresses being disclosed via dmesg (in case it was built
in without restrictions) or various /proc files.

See https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
for further information.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
setup/setup.nm diff | blob | blame | history
setup/sysctl/hardening.conf [new file with mode: 0644] blob
Peter's tree of IPFire 3.x