Tree - rpms/scap-security-guide

Forked from rpms/scap-security-guide 3 years ago

Blob History Raw

		7629ac	`--- /dev/null 2018-09-24 12:07:02.352998857 +0200`
		7629ac	`+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule 2018-08-20 22:58:34.441789550 +0200`
		7629ac	`@@ -0,0 +1,19 @@`
		7629ac	`+documentation_complete: true`
		7629ac	`+`
		7629ac	`+title: 'Restrict exposed kernel pointers addresses access'`
		7629ac	`+`
		7629ac	`+description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'`
		7629ac	`+`
		7629ac	`+rationale: \|-`
		7629ac	`+ Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes`
		7629ac	`+ kernel writeable structures that can contain functions pointers. If a write vulnereability occurs`
		7629ac	`+ in the kernel allowing a write access to any of this structure, the kernel can be compromise. This`
		7629ac	`+ option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses,`
		7629ac	`+ replacing them with 0.`
		7629ac	`+`
		7629ac	`+severity: low`
		7629ac	`+`
		7629ac	`+references:`
		7629ac	`+ anssi: NT28(R23)`
		7629ac	`+`
		7629ac	`+{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}`