wryMitts
wryMitts
This is the script I use to prevent failures on startup when using proc-hidepid.service I've had this configuration running for over a year now on a server host system, and...
This is a file I would normally expect to be restricted by `kernel.dmesg_restrict = 1` yet I can still read it on my system. Leaks hardware info, kernel module info....
pam-tmpdir-helper breaks certain initramfs-update actions on systems with noexec on the /tmp mount
### The Bug Initramfs related bootscripts may not add all dependencies needed for a system to boot when it's build directory has the **noexec** flag. On Kicksecure systems still running...
On Alpine/musl, the buildme.sh script could benefit from a check of extern.h: ``` mv Scan.xsc Scan.c cc -c -Iinclude -Isrc -D_REENTRANT -D_GNU_SOURCE -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Wdeclaration-after-statement...
Hello, When building on musl/alpine systems, ldconfig is not functional. It is not supposed to be a feature of Musl as seen below https://wiki.musl-libc.org/faq.html#Q:-Where-is-%3Ccode%3Eldconfig%3C/code%3E? When running buildme, ldconfig returns: `illegal...
After reading these conversations, per Torvalds and other devs it seems that XPFO's defense on ret2dir is less of a code execution threat, and more a data exposure threat. The...
Hello, Looks like big change for naming schemes Merged by Torvalds for 6.9 Many options will be renamed, for example: ``` x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK x86/bugs: Rename CONFIG_CPU_SRSO =>...
Hello, please consider these new options Intel's hardware vulnurability for Atom cores; Register File Data Sampling. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html Merged by Torvalds Kconfig ``` +config MITIGATION_RFDS + bool "RFDS Mitigation" + depends...
CONFIG_VMLINUX_MAP generates a system.map file, which contains debugging symbols, and other information that may leak information about the kernel. It is automatically generated with the kernel, and it is delivered...
### Purpose > PQ Resistance? Wasn't a protocol upgrade already merged? - Post-quantum algorithms are still immature on a time scale compared to algorithms such as AES, Diffie-Hellman, and even...