swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 12:29:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Hide kernel pointers for unprivileged users via kptr_restrict

Browse source
This commit is contained in:
Eelco Dolstra 2013-07-31 16:10:13 +02:00
parent 7bd50185ff
commit 39f67d9d38
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/config/sysctl.nix
View file

@ -60,6 +60,10 @@ in
boot.kernel.sysctl."fs.protected_hardlinks" = true;
boot.kernel.sysctl."fs.protected_symlinks" = true;
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
# users as these make it easier to exploit kernel vulnerabilities.
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
};
}