Peter Müller 14c65ab71c sysctl.conf: prevent autoloading of TTY line disciplines ...

Malicious/vulnerable TTY line disciplines have been subject of some
kernel exploits such as CVE-2017-2636, and since - to put it in Greg
Kroah-Hatrman's words - we do not "trust the userspace to do the right
thing", this reduces local kernel attack surface.

Further, there is no legitimate reason why an unprivileged user should
load kernel modules during runtime, anyway.

See also:
- https://lkml.org/lkml/2019/4/15/890
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

2020-10-06 12:04:14 +00:00

config

sysctl.conf: prevent autoloading of TTY line disciplines

2020-10-06 12:04:14 +00:00

doc

Update French translation

2020-09-30 10:26:33 +00:00

html

Update contributors

2020-09-30 10:30:14 +00:00

langs

Update French translation

2020-09-30 10:26:33 +00:00

lfs

freeradius: Update to version 3.0.21

2020-10-02 14:59:23 +00:00

src

iptraf-ng: Update to version 1.2.1

2020-09-30 09:58:51 +00:00

tools

make.sh: Add command to find dependencies

2020-05-17 08:04:47 +00:00

.gitignore

.gitignore: Ignore some backup files

2019-05-24 06:30:46 +01:00

.mailmap

Update contributors

2020-09-30 10:30:14 +00:00

make.sh

Start Core Update 152

2020-10-06 12:03:34 +00:00

Description

No description provided

101 MiB

Languages

Perl 70.4%

Shell 23%

C 4%

Python 0.6%

Makefile 0.5%

Other 1.4%