Blame SOURCES/scap-security-guide-0.1.41-kptr_restrict.patch

28bffe
--- /dev/null   2018-09-24 12:07:02.352998857 +0200
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule      2018-08-20 22:58:34.441789550 +0200
@@ -0,0 +1,19 @@
+documentation_complete: true
+
+title: 'Restrict exposed kernel pointers addresses access'
+
+description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'
+
+rationale: |-
+    Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes
+    kernel writeable structures that can contain functions pointers. If a write vulnereability occurs
+    in the kernel allowing a write access to any of this structure, the kernel can be compromise. This
+    option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses,
+    replacing them with 0.
+
+severity: low
+
+references:
+    anssi: NT28(R23)
+
+{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}
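Review bot: the rationale block ships with several spelling and grammar errors that will appear verbatim in the generated guide ("functions pointers", "vulnereability", "any of this structure", "the kernel can be compromise", "option disallow any program withtout"); please correct them before merge, e.g. "kernel writeable structures that can contain function pointers. If a write vulnerability occurs in the kernel allowing write access to any of these structures, the kernel can be compromised. This option disallows any program without the CAP_SYSLOG capability from getting the kernel pointer addresses, replacing them with 0." The rationale is also slightly imprecise about the mechanism: with `kernel.kptr_restrict` set to 1 the kernel zeroes pointers printed through the `%pK` format specifier for callers lacking CAP_SYSLOG, so the benefit is withholding kernel addresses (which would otherwise help an attacker who already has a write primitive defeat KASLR), not preventing the write itself; a sentence stating that would make the "low" severity easier to justify. Minor: the title reads awkwardly ("Restrict exposed kernel pointers addresses access"); "Restrict Access to Kernel Pointer Addresses" or similar would match the wording style of neighbouring sysctl rules.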