Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
I'd like to propose we consider disabling some dangerous, unmaintained options in the kernel that are being brought to light in this oss-sec discussion:
I'd like to propose we consider disabling some dangerous, unmaintained options in the kernel that are being brought to light in this oss-sec discussion:
https://www.openwall.com/lists/oss-security/2020/07/28/3 https://www.openwall.com/lists/oss-security/2020/07/29/2
Thank you. (Sorry if this is not the right place to suggest config changes.)