Tree - rpms/scap-security-guide

Blob History Raw

		28bffe	`--- /dev/null 2018-09-24 12:07:02.352998857 +0200`
		28bffe	`+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule 2018-08-20 22:58:34.441789550 +0200`
		28bffe	`@@ -0,0 +1,19 @@`
		28bffe	`+documentation_complete: true`
		28bffe	`+`
		28bffe	`+title: 'Restrict exposed kernel pointers addresses access'`
		28bffe	`+`
		28bffe	`+description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'`
		28bffe	`+`
		28bffe	`+rationale: \|-`
		28bffe	`+ Exposing kernel pointers (through procfs or <tt>seq_printf()</tt>) exposes`
		28bffe	`+ kernel writeable structures that can contain functions pointers. If a write vulnereability occurs`
		28bffe	`+ in the kernel allowing a write access to any of this structure, the kernel can be compromise. This`
		28bffe	`+ option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses,`
		28bffe	`+ replacing them with 0.`
		28bffe	`+`
		28bffe	`+severity: low`
		28bffe	`+`
		28bffe	`+references:`
		28bffe	`+ anssi: NT28(R23)`
		28bffe	`+`
		28bffe	`+{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}`