Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

Set `sysctl vm.mmap_min_addr=65536` #265

Closed raja-grewal closed 2 months ago

raja-grewal commented 3 months ago

This pull request sets `sysctl vm.mmap_min_addr=65536` as per the KSPP recommendations.

Changes

Set sysctl vm.mmap_min_addr=65536.


adrelanos commented 3 months ago

Where is the number 65536 coming from? Could you document this in the PR please?

raja-grewal commented 3 months ago

Sure, the 64KB size comes from the current recommendation from the KSPP:

```
# Disallow allocating the first 64k of memory.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
```

This is also highlighted in the commit.
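
A way to audit the setting discussed in this thread, as an added example that is not part of the pull request or the security-misc code: it parses sysctl.d-style text, takes the last assignment of `vm.mmap_min_addr` as the effective one, and compares it with 65536. The function names and sample fragments are constructed for illustration, and treating any value of at least 65536 as acceptable is an assumption of the example.

```shell
#!/bin/sh
KSPP_MIN=65536  # value set by the PR, per the KSPP recommendation

# Read sysctl.d-format lines on stdin and print the last value assigned to
# vm.mmap_min_addr (a later assignment overrides an earlier one).
effective_mmap_min_addr() {
    awk '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)         # indentation, optional "-" prefix
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "vm.mmap_min_addr") last = val
        }
        END { if (last != "") print last }
    '
}

# Print "ok N", "low N" or "unset-or-invalid"; non-zero status unless ok.
check_mmap_min_addr() {
    value=$(effective_mmap_min_addr)
    case "$value" in
        ''|*[!0-9]*) echo "unset-or-invalid"; return 2 ;;
    esac
    if [ "$value" -ge "$KSPP_MIN" ]; then
        echo "ok $value"
    else
        echo "low $value"
        return 1
    fi
}

# Constructed sample inputs (not taken from the repository).
SAMPLE_HARDENED='# constructed fragment
kernel.kptr_restrict=2
vm.mmap_min_addr = 4096
vm.mmap_min_addr=65536'
SAMPLE_WEAK='vm.mmap_min_addr=65536
# a later file lowers the value again
-vm.mmap_min_addr = 4096'

for sample in "$SAMPLE_HARDENED" "$SAMPLE_WEAK"; do
    printf '%s\n' "$sample" | check_mmap_min_addr || true
done
```

To check the running kernel instead of a file, feed it `vm.mmap_min_addr=$(cat /proc/sys/vm/mmap_min_addr)` on standard input.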