Hi.

On Sun, 27 Oct 2013 11:25:15 +0400 Dmitrii Kashin <[email protected]> wrote:
> Sysctl is used in order to give kernel some default parameters to work.
> The most common cases to use it:
> - to allow packets redirection
> - to enable/disable ipv6 support
> - to change console behavior and printk output.
> ..and so on, so on...
>
> Do you really need some of this?

Don't forget restricting mmap from userspace to kernelspace (such mmap lead to NULL-pointer dereferences in kernel in past) with vm.mmap_min_addr.

Or, restricted privileges of perf kernel subsystem (local privilege escalation to root) with kernel.perf_event_paranoid.

Or, bringing some sanity in virtual memory kernel subsystem with vm.swappiness and vm.dirty_bytes.

User may need some of this.

Reco
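An added example, not part of the original message: a POSIX shell check for the two security-related keys named above, vm.mmap_min_addr and kernel.perf_event_paranoid. The thresholds (65536 and 2), the function names and the sample values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the hardening-related sysctls named in the message.
# The minimum values used below are assumptions, not taken from the thread.

# check_min ROOT KEY MIN: pass when the integer stored for KEY is >= MIN.
# ROOT is a /proc/sys-style tree; dots in KEY map to directory separators.
check_min() {
    path="$1/$(printf '%s' "$2" | tr . /)"
    if [ ! -r "$path" ]; then
        echo "SKIP $2 (not present)"; return 0
    fi
    val=$(cat "$path")
    # A non-integer value makes the test fail and is reported as weak.
    if [ "$val" -ge "$3" ] 2>/dev/null; then
        echo "OK   $2 = $val"; return 0
    fi
    echo "WEAK $2 = $val (want >= $3)"; return 1
}

# audit_sysctl [ROOT]: returns the number of weak settings as its status.
audit_sysctl() {
    root="${1:-/proc/sys}"; weak=0
    check_min "$root" vm.mmap_min_addr 65536 || weak=$((weak + 1))
    check_min "$root" kernel.perf_event_paranoid 2 || weak=$((weak + 1))
    return "$weak"
}

# make_sample DIR MMAP PERF: build a constructed /proc/sys-style tree.
make_sample() {
    mkdir -p "$1/vm" "$1/kernel"
    echo "$2" > "$1/vm/mmap_min_addr"
    echo "$3" > "$1/kernel/perf_event_paranoid"
}

# Demo on constructed values (not read from a real host).
demo=$(mktemp -d)
make_sample "$demo" 0 -1
audit_sysctl "$demo" || echo "weak settings: $?"
rm -rf "$demo"
```

Calling `audit_sysctl` with no argument reads the live values under /proc/sys; a weak value can then be corrected with `sysctl -w` and persisted in /etc/sysctl.conf.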

