On 2018-03-30 15:18, Rosen Penev wrote: > The only downside to this is that it breaks perf with non-root users. I don't > think this is an issue in OpenWrt. > > Signed-off-by: Rosen Penev <ros...@gmail.com> > --- > package/base-files/files/etc/sysctl.conf | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/package/base-files/files/etc/sysctl.conf > b/package/base-files/files/etc/sysctl.conf > index ddc7a9bf69..61a43057a1 100644 > --- a/package/base-files/files/etc/sysctl.conf > +++ b/package/base-files/files/etc/sysctl.conf > @@ -2,6 +2,9 @@ kernel.panic=3 > kernel.core_pattern=/tmp/%e.%t.%p.%s.core > fs.suid_dumpable=2 > > +#disable kernel pointer access from normal users > +kernel.kptr_restrict=1 NACK. This will probably make some back traces in case of crashes less useful and thus hurt debugging. Also, it's completely pointless, since we don't have KALSR and thus the kernel memory addresses are mostly stable and predictable anyway.
- Felix _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
