Hide kernel pointers for unprivileged users via kptr_restrict

2013-07-31 16:10:13 +02:00 · 2013-07-31 16:10:13 +02:00 · 39f67d9d38
commit 39f67d9d38
parent 7bd50185ff
1 changed files with 4 additions and 0 deletions
--- a/modules/config/sysctl.nix
+++ b/modules/config/sysctl.nix
@ -60,6 +60,10 @@ in
    boot.kernel.sysctl."fs.protected_hardlinks" = true;
    boot.kernel.sysctl."fs.protected_symlinks" = true;

+    # Hide kernel pointers (e.g. in /proc/modules) for unprivileged
+    # users as these make it easier to exploit kernel vulnerabilities.
+    boot.kernel.sysctl."kernel.kptr_restrict" = 1;
+
  };

 }