New option with grsecurity-3.1-4.4.2-201602182048.patch, you can add:
# Disallow unprivileged use of command injection
kernel.grsecurity.harden_tty = 1
--
Best regards,
HacKurx (Loic)
2016-02-01 16:00 GMT+01:00 HacKurx:
>>> 3] Consider adding in postinst "usermod -aG grsec-tpe root ||true" for
>>> avoid many problems (systemd).
>>
>> That doesn't look like a good idea at first sight. First, I'm unsure if TPE
>> restriction apply to uid 0 (and if adding it to grsec-tpe will
I just saw the changes in your recent release. I still have a few remarks:
1] Recommendation from compatibility with ubuntu system: Rename
grsec.conf to 10-grsec.conf or 30-grsec.conf view /etc/sysctl.d/README
(ubuntu procps).
2] chmod 600 if possible! if an attacker access in system (system
On lun., 2016-02-01 at 15:08 +0100, HacKurx wrote:
> I just saw the changes in your recent release. I still have a few remarks:
>
> 1] Recommendation from compatibility with ubuntu system: Rename
> grsec.conf to 10-grsec.conf or 30-grsec.conf view /etc/sysctl.d/README
> (ubuntu procps).
Can you
2016-02-01 15:32 GMT+01:00 Yves-Alexis Perez :
> On lun., 2016-02-01 at 15:08 +0100, HacKurx wrote:
>> I just saw the changes in your recent release. I still have a few remarks:
>>
>> 1] Recommendation from compatibility with ubuntu system: Rename
>> grsec.conf to 10-grsec.conf
5 matches
Mail list logo