Blame SOURCES/scap-security-guide-0.1.41-kptr_restrict.patch

--- /dev/null   2018-09-24 12:07:02.352998857 +0200
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule      2018-08-20 22:58:34.441789550 +0200
@@ -0,0 +1,19 @@
+documentation_complete: true
+
+title: 'Restrict exposed kernel pointers addresses access'
+
+description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'
+
+rationale: |-
+    Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes
+    kernel writeable structures that can contain functions pointers. If a write vulnereability occurs
+    in the kernel allowing a write access to any of this structure, the kernel can be compromise. This
+    option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses,
+    replacing them with 0.
+
+severity: low
+
+references:
+    anssi: NT28(R23)
+
+{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}
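Review bot: the rationale block of this hunk carries several spelling and grammar errors that will be rendered verbatim into the guide and should be fixed before merge: "vulnereability" -> "vulnerability", "withtout" -> "without", "any of this structure" -> "any of these structures", "can be compromise" -> "can be compromised", "This option disallow" -> "This option disallows", and "functions pointers" -> "function pointers"; the title "Restrict exposed kernel pointers addresses access" is also awkward and would read better as "Restrict Exposed Kernel Pointer Addresses Access" or similar. The wording about what the setting does could also be more precise: with kernel.kptr_restrict=1, pointers printed with the %pK format (for example in /proc/kallsyms) are shown as zeros to processes that lack CAP_SYSLOG, whereas value 2 hides them for every process; saying so explains why CAP_SYSLOG is mentioned and why the chosen value is 1 rather than 2, and a short note that the rule's benefit is reducing information leakage useful for defeating KASLR (not preventing the write vulnerability itself) would make the "severity: low" rating self-explanatory.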