The only downside to this is that it breaks perf with non-root users. I don't think this is an issue in OpenWrt.
Signed-off-by: Rosen Penev <ros...@gmail.com> --- package/base-files/files/etc/sysctl.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf index ddc7a9bf69..61a43057a1 100644 --- a/package/base-files/files/etc/sysctl.conf +++ b/package/base-files/files/etc/sysctl.conf @@ -2,6 +2,9 @@ kernel.panic=3 kernel.core_pattern=/tmp/%e.%t.%p.%s.core fs.suid_dumpable=2 +#disable kernel pointer access from normal users +kernel.kptr_restrict=1 + net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.all.arp_ignore=1 net.ipv4.ip_forward=1 -- 2.16.3 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
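Review bot: The comment added above kernel.kptr_restrict=1 ("#disable kernel pointer access from normal users") is imprecise about what the setting does. With the value 1 the kernel prints zeroed addresses for %pK-formatted pointers (for example in /proc/kallsyms) to processes without CAP_SYSLOG; it does not block access to the pointers themselves. Suggest wording such as "# hide kernel addresses from unprivileged users", with a space after the #. The comment could also mention the perf side effect for non-root users that the commit message describes, so the trade-off is visible in sysctl.conf itself. The commit message could also say why 1 was chosen rather than 2, which hides the addresses from privileged users as well.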