Date: Sat, 25 Jan 2020 13:10:58 +0000
From: Patrick Schleizer <adrelanos@...eup.net>
To: lkrg-users@...ts.openwall.com
Subject: Re: UMH blocked when though lkrg.block_modules = 0

Solar Designer:
> As you can see, even the value 0 does not fully disable the UMH lock-down.


Understood. (The documentation was very clear but I forgot that when
looking at umh_lock only.)

>> It was probably caused by sysctl "kernel.core_pattern=|/bin/false".
> 
> Is this a distro's default?  Which distro is that?


Whonix / Kicksecure default.

> Adam, I think you might want to make two changes:
> 
> 1. Add /bin/false to the whitelist.


Please also consider:

/bin/true (for consistency)

/lib/systemd/systemd-coredump

The Debian buster default:

core


sudo sysctl -a | grep pattern

kernel.core_pattern = core

> 2. Replace lkrg.umh_lock with a new sysctl called lkrg.enforce_umh with
> 3 possible settings: 0 to completely disable the UMH lock-down (which we
> currently have no setting for), 1 same as lkrg.umh_lock = 0, and 2 same
> as lkrg.umh_lock = 1.  The default can be lkrg.enforce_umh = 1, which
> will match the current default.  This change will also bring us closer
> to a consistent naming scheme and semantics of the sysctl's, which
> you've just started with the recent additions to support VirtualBox.


Sounds great!

Kind regards,
Patrick
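
Added example, not part of the original message and not LKRG code: a kernel.core_pattern value that begins with "|" makes the kernel run the named program as a usermode helper on each crash, which is how "|/bin/false" reaches the UMH lock-down while Debian's plain "core" does not. The script below classifies a core_pattern value on that basis; the CANDIDATES list holds only the paths named in this message and is an assumption, not LKRG's actual whitelist, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not LKRG code): does kernel.core_pattern invoke a
# usermode helper (UMH), and if so, which binary?

# Helper paths named in this thread; an assumption, NOT LKRG's whitelist.
CANDIDATES="/bin/false /bin/true /lib/systemd/systemd-coredump"

# Print the helper path if the pattern is a pipe handler; return 1 otherwise.
core_pattern_helper() {
    case "$1" in
        '|'*) ;;            # leading '|' means "pipe the core to a program"
        *) return 1 ;;      # plain file name template such as "core"
    esac
    rest=${1#|}
    # The helper is the first space-separated word; the rest are arguments.
    set -f; set -- $rest; set +f
    [ -n "$1" ] || return 1
    printf '%s\n' "$1"
}

# Print one of: file:no-umh, umh:<path>:named-in-thread, umh:<path>:other
classify_core_pattern() {
    if helper=$(core_pattern_helper "$1"); then
        for c in $CANDIDATES; do
            if [ "$helper" = "$c" ]; then
                echo "umh:$helper:named-in-thread"
                return 0
            fi
        done
        echo "umh:$helper:other"
    else
        echo "file:no-umh"
    fi
}

# Classify the running system's setting when it is readable.
if [ -r /proc/sys/kernel/core_pattern ]; then
    classify_core_pattern "$(cat /proc/sys/kernel/core_pattern)"
fi
```

A result of umh:...:other on a host running LKRG means the core dump handler is worth checking against the UMH whitelist in the LKRG documentation before a crash triggers it.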
