public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Hide kernel pointers for unprivileged users via kptr_restrict

Browse Source
This commit is contained in:
Eelco Dolstra 2013-07-31 16:10:13 +02:00
parent 7bd50185ff
commit 39f67d9d38
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/config/sysctl.nix
View File

@ -60,6 +60,10 @@ in
boot.kernel.sysctl."fs.protected_hardlinks" = true; boot.kernel.sysctl."fs.protected_hardlinks" = true;
boot.kernel.sysctl."fs.protected_symlinks" = true; boot.kernel.sysctl."fs.protected_symlinks" = true;
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
# users as these make it easier to exploit kernel vulnerabilities.
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
}; };
} }