author: anonym <anonym@riseup.net> 2016-05-13 16:16:33 +0200
committer: anonym <anonym@riseup.net> 2016-05-13 16:16:33 +0200
commit: 5243e649cb0736c77d7da7051999235f94a1754c
tree: 19ee45fb16488024615d4fdd18fef31fb9cc2f50 /config/chroot_local-includes
parent: 650285ca8d9972605ca8f6499c531e36cae97df4
Don't expose kernel memory addresses through /proc etc.
From https://www.kernel.org/doc/Documentation/sysctl/kernel.txt:

    kptr_restrict:

    This toggle indicates whether restrictions are placed on exposing kernel addresses via /proc and other interfaces.
    [...]
    When kptr_restrict is set to (2), kernel pointers printed using %pK will be replaced with 0's regardless of privileges.

Not exposing the kernel memory addresses like that makes sense now that we do not ship the kernel .map files any more.

Refs: #10951
Diffstat (limited to 'config/chroot_local-includes')
-rw-r--r-- config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf b/config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf
new file mode 100644
index 0000000..a1e18e8
--- /dev/null
+++ b/config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=2
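Review bot: The single added line in kptr_restrict.conf has no comment, so the reason for choosing 2 rather than a lower value is recorded only in the commit message. Consider a leading comment in the file stating that 2 replaces %pK kernel pointers with 0's for every user, root included, since privileged debugging tools that read kernel addresses will then see zeros as well. Also, per the documentation quoted in the message, the toggle only covers pointers printed with %pK, so the subject line's "/proc etc." promises more than this setting alone guarantees; it may be worth saying so in the comment.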