webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-01 07:50:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "sysctl.conf: prevent autoloading of TTY line disciplines"

Browse Source 
This reverts commit 14c65ab71c.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2020-10-06 12:26:26 +00:00
parent 42fca29033
commit a9d90b1b3f
1 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/etc/sysctl.conf
View File

@@ -39,10 +39,6 @@ net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-call-arptables = 0
# Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent unprivileged attackers
# from loading vulnerable line disciplines with the TIOCSETD ioctl.
dev.tty.ldisc_autoload = 0
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc). # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
kernel.kptr_restrict = 2 kernel.kptr_restrict = 2