[LEDE-DEV] [PATCH 2/3] sysctl: Restrict kernel pointer access from normal users.

Felix Fietkau nbd at nbd.name
Sat Mar 31 17:18:09 PDT 2018


On 2018-03-30 15:18, Rosen Penev wrote:
> The only downside to this is that it breaks perf with non-root users. I don't think this is an issue in OpenWrt.
> 
> Signed-off-by: Rosen Penev <rosenp at gmail.com>
> ---
>  package/base-files/files/etc/sysctl.conf | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf
> index ddc7a9bf69..61a43057a1 100644
> --- a/package/base-files/files/etc/sysctl.conf
> +++ b/package/base-files/files/etc/sysctl.conf
> @@ -2,6 +2,9 @@ kernel.panic=3
>  kernel.core_pattern=/tmp/%e.%t.%p.%s.core
>  fs.suid_dumpable=2
>  
> +#disable kernel pointer access from normal users
> +kernel.kptr_restrict=1
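Review bot: the comment on the added line (`#disable kernel pointer access from normal users`) should record the trade-off the commit message states, namely that non-root perf stops working, so whoever edits sysctl.conf later knows why the value is 1 and not 0 or 2; something like `# hide kernel pointers from unprivileged users (breaks perf for non-root)` would do, and it also adds the missing space after `#`. The wording "access" is also stronger than what the setting does: kptr_restrict=1 only masks pointers the kernel prints with %pK (e.g. in /proc/kallsyms) for users without CAP_SYSLOG.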
NACK. This will probably make some backtraces in case of crashes less
useful and thus hurt debugging.
Also, it's completely pointless, since we don't have KASLR and thus the
kernel memory addresses are mostly stable and predictable anyway.

- Felix
