--- /dev/null 2018-09-24 12:07:02.352998857 +0200
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule 2018-08-20 22:58:34.441789550 +0200
@@ -0,0 +1,19 @@
+documentation_complete: true
+
+title: 'Restrict exposed kernel pointers addresses access'
+description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'
+rationale: |-
+ Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes
+ kernel writeable structures that can contain functions pointers. If a write vulnereability occurs
+ in the kernel allowing a write access to any of this structure, the kernel can be compromise. This
+ option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses,
+ replacing them with 0.
+severity: low
+references:
+ anssi: NT28(R23)
+{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}