`hide-hardware-info.service`: hide `/proc/dynamic_debug/`

Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

https://www.kicksecure.com/wiki/Impressum

Other

479 stars 52 forks source link

`hide-hardware-info.service`: hide `/proc/dynamic_debug/` #207

Open wryMitts opened 4 months ago

wryMitts commented 4 months ago

This is a file I would normally expect to be restricted by kernel.dmesg_restrict = 1 yet I can still read it on my system. Leaks hardware info, kernel module info.

Permissions of this file /proc/dynamic_debug/control are 644.

adrelanos commented 3 months ago

Might get fixed if the following feature was implemented:

https://github.com/Kicksecure/security-misc/issues/205