[LEDE-DEV] [PATCH 2/3] sysctl: Restrict kernel pointer access from normal users.
Rosen Penev
rosenp at gmail.com
Fri Mar 30 15:18:03 PDT 2018
The only downside to this is that it breaks perf with non-root users. I don't think this is an issue in OpenWrt.
Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
package/base-files/files/etc/sysctl.conf | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf
index ddc7a9bf69..61a43057a1 100644
--- a/package/base-files/files/etc/sysctl.conf
+++ b/package/base-files/files/etc/sysctl.conf
@@ -2,6 +2,9 @@ kernel.panic=3
kernel.core_pattern=/tmp/%e.%t.%p.%s.core
fs.suid_dumpable=2
+#disable kernel pointer access from normal users
+kernel.kptr_restrict=1
+
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
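Review bot: The comment added above kernel.kptr_restrict=1 does not record the trade-off named in the commit message (perf stops working for non-root users), so someone reading sysctl.conf later has no hint why perf fails for them. Consider extending it, for example "# hide kernel pointers from unprivileged users (breaks perf for non-root)". It would also help to say in the commit message why the value 1 was chosen rather than 2.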
--
2.16.3