--- /dev/null   2018-09-24 12:07:02.352998857 +0200
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule      2018-08-20 22:58:34.441789550 +0200
@@ -0,0 +1,19 @@
+documentation_complete: true
+
+title: 'Restrict exposed kernel pointers addresses access'
+
+description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'
+
+rationale: |-
+    Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes
+    kernel writeable structures that can contain functions pointers. If a write vulnereability occurs
+    in the kernel allowing a write access to any of this structure, the kernel can be compromise. This
+    option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses,
+    replacing them with 0.
+
+severity: low
+
+references:
+    anssi: NT28(R23)
+
+{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}
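Review bot: the rationale block (from `+    Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes` through `+    replacing them with 0.`) carries several spelling and grammar errors that will be rendered verbatim into the generated guide: "functions pointers" should read "function pointers", "vulnereability" "vulnerability", "any of this structure" "any of these structures", "can be compromise" "can be compromised", "This option disallow" "This option disallows", and "withtout" "without". A cleaned-up version of the same text: "Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes kernel writeable structures that can contain function pointers. If a write vulnerability occurs in the kernel allowing write access to any of these structures, the kernel can be compromised. This option disallows any program without the CAP_SYSLOG capability from getting the kernel pointer addresses, replacing them with 0." The title line `+title: 'Restrict exposed kernel pointers addresses access'` is also awkward; something like "Restrict Access to Kernel Pointer Addresses" would read better and keeps the meaning. The description and OCIL macros both use value="1", which is consistent with the rationale's statement that only processes lacking CAP_SYSLOG see zeroed pointers.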