On Sat, Mar 31, 2018 at 5:18 PM, Felix Fietkau <n...@nbd.name> wrote: > On 2018-03-30 15:18, Rosen Penev wrote: >> The only downside to this is that it breaks perf with non-root users. I >> don't think this is an issue in OpenWrt. >> >> Signed-off-by: Rosen Penev <ros...@gmail.com> >> --- >> package/base-files/files/etc/sysctl.conf | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/package/base-files/files/etc/sysctl.conf >> b/package/base-files/files/etc/sysctl.conf >> index ddc7a9bf69..61a43057a1 100644 >> --- a/package/base-files/files/etc/sysctl.conf >> +++ b/package/base-files/files/etc/sysctl.conf >> @@ -2,6 +2,9 @@ kernel.panic=3 >> kernel.core_pattern=/tmp/%e.%t.%p.%s.core >> fs.suid_dumpable=2 >> >> +#disable kernel pointer access from normal users >> +kernel.kptr_restrict=1 > NACK. This will probably make some back traces in case of crashes less > useful and thus hurt debugging. > Also, it's completely pointless, since we don't have KALSR and thus the > kernel memory addresses are mostly stable and predictable anyway. > Will drop. > - Felix
_______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev