Patrick Schleizer 2019-12-23 03:37:28 -05:00
parent 535c258b83
commit 1ff51ee061
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

debian/control vendored

@ -56,7 +56,9 @@ Description: enhances misc security settings
* Slab merging is disabled as sometimes a slab can be used in a vulnerable
way which an attacker can exploit.
.
* Sanity checks, redzoning, and memory poisoning are enabled.
* Sanity checks and redzoning are enabled.
.
* Memory zeroing at allocation and free time is enabled.
.
* Machine checks (MCE) are disabled which makes the kernel panic
on uncorrectable errors in ECC memory that could be exploited.
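Review bot: The reworded bullet drops "memory poisoning" and a separate bullet now says "Memory zeroing at allocation and free time is enabled", but nothing in the description says that zeroing replaces poisoning or why. Someone comparing package versions cannot tell whether poisoning was removed on purpose. Consider extending the new bullet with the rationale, in the same style as the slab merging and MCE bullets around it, which each state the reason for the setting. If the zeroing depends on a minimum kernel version, the description should also say what protection remains on older kernels.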
@ -106,6 +108,14 @@ Description: enhances misc security settings
.
* The MSR kernel module is blacklisted to prevent CPU MSRs from being
abused to write to arbitrary memory.
.
* Vsyscalls are disabled as they are obsolete, are at fixed addresses and are
a target for ROP.
.
* Page allocator freelist randomization is enabled.
.
* Kernel lockdown is enabled.
.
.
Improve Entropy Collection
.
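Review bot: The two bullets "Page allocator freelist randomization is enabled." and "Kernel lockdown is enabled." give no rationale, unlike the vsyscall bullet above them and the MSR bullet before it, which both explain the threat. For lockdown in particular, the description should name the mode being set (integrity or confidentiality) and mention the user-visible impact, since that is what an administrator reading the package description needs in order to decide whether to install it. Separately, the added block ends with a "." line directly followed by the existing "." before "Improve Entropy Collection", leaving two consecutive blank-paragraph markers in the Description field; drop one unless the doubled separator is the file's convention for section breaks.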