Think about kptr_restrict later (KSPP recommends to set it to 1)

author Alexander Popov <alex.popov@linux.com>

Sat, 19 Jun 2021 11:49:03 +0000 (14:49 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 19 Jun 2021 11:49:03 +0000 (14:49 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 19 Jun 2021 11:49:03 +0000 (14:49 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 19 Jun 2021 11:49:03 +0000 (14:49 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 563091cd77abb9727e8b647fc59847bd1245bcaa..42d3eebdab15c2dd35b865832be708cb88251048 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -35,7 +35,7 @@
  #           ssbd=force-on
  #
  # N.B. Hardening sysctls:
-#    kernel.kptr_restrict=2
+#    kernel.kptr_restrict=2 (or 1?)
  #    kernel.dmesg_restrict=1
  #    kernel.perf_event_paranoid=3
  #    kernel.kexec_load_disabled=1
author	Alexander Popov <alex.popov@linux.com>
	Sat, 19 Jun 2021 11:49:03 +0000 (14:49 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 19 Jun 2021 11:49:03 +0000 (14:49 +0300)