[LEDE-DEV] [PATCH 2/3] sysctl: Restrict kernel pointer access from normal users.

Rosen Penev rosenp at gmail.com
Sat Mar 31 17:52:05 PDT 2018


On Sat, Mar 31, 2018 at 5:18 PM, Felix Fietkau <nbd at nbd.name> wrote:
> On 2018-03-30 15:18, Rosen Penev wrote:
>> The only downside to this is that it breaks perf with non-root users. I don't think this is an issue in OpenWrt.
>>
>> Signed-off-by: Rosen Penev <rosenp at gmail.com>
>> ---
>>  package/base-files/files/etc/sysctl.conf | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf
>> index ddc7a9bf69..61a43057a1 100644
>> --- a/package/base-files/files/etc/sysctl.conf
>> +++ b/package/base-files/files/etc/sysctl.conf
>> @@ -2,6 +2,9 @@ kernel.panic=3
>>  kernel.core_pattern=/tmp/%e.%t.%p.%s.core
>>  fs.suid_dumpable=2
>>
>> +#disable kernel pointer access from normal users
>> +kernel.kptr_restrict=1
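Review bot: the comment line `#disable kernel pointer access from normal users` overstates what this sysctl does; `kernel.kptr_restrict=1` only causes pointers printed with the `%pK` format (for example the addresses in /proc/kallsyms) to be shown as zeros to readers without CAP_SYSLOG, it does not restrict access to kernel memory, so a wording such as `# hide kernel pointer values (%pK) from unprivileged users` would be more accurate, and a space after `#` would match the other comments in this file. Note also that the hunk header advertises three added lines (`+2,9`) while only two `+` lines are visible, so a blank `+` line was probably lost in quoting; worth checking that the file still applies cleanly.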
> NACK. This will probably make some backtraces in case of crashes less
> useful and thus hurt debugging.
> Also, it's completely pointless, since we don't have KASLR and thus the
> kernel memory addresses are mostly stable and predictable anyway.
>
Will drop.
> - Felix


