sysctl.conf: prevent autoloading of TTY line disciplines

This reverts commit a9d90b1b3f.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2021-04-06 10:13:38 +00:00
parent cc41f7a09b
commit 4d622b7ebe


@@ -39,6 +39,10 @@ net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent unprivileged attackers
# from loading vulnerable line disciplines with the TIOCSETD ioctl.
dev.tty.ldisc_autoload = 0
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
kernel.kptr_restrict = 2