Set kptr_restrict to 2.

To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms Bug: 5555668 Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
author: Nick Kralevich <nnk@google.com> 2011-11-02 08:51:37 -0700
committer: Nick Kralevich <nnk@google.com> 2011-11-02 09:24:27 -0700
commit: 2e7c833279349a694af15f2447cc214dc30bcc01 (patch)
tree: 2d1ec91e99a72741eeb85fa190fcb43983d37c4d /rootdir/init.rc
parent: 06286288ef40837a5ab69fc09871f7d5f45c8bbd (diff)
download: system_core-2e7c833279349a694af15f2447cc214dc30bcc01.zip
system_core-2e7c833279349a694af15f2447cc214dc30bcc01.tar.gz
system_core-2e7c833279349a694af15f2447cc214dc30bcc01.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3af0943..7031417 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -65,6 +65,7 @@ loglevel 3
     write /proc/sys/kernel/sched_compat_yield 1
     write /proc/sys/kernel/sched_child_runs_first 0
     write /proc/sys/kernel/randomize_va_space 2
+    write /proc/sys/kernel/kptr_restrict 2
 
 # Create cgroup mount points for process groups
     mkdir /dev/cpuctl
author	Nick Kralevich <nnk@google.com>	2011-11-02 08:51:37 -0700
committer	Nick Kralevich <nnk@google.com>	2011-11-02 09:24:27 -0700
commit	2e7c833279349a694af15f2447cc214dc30bcc01 (patch)
tree	2d1ec91e99a72741eeb85fa190fcb43983d37c4d /rootdir/init.rc
parent	06286288ef40837a5ab69fc09871f7d5f45c8bbd (diff)
download	system_core-2e7c833279349a694af15f2447cc214dc30bcc01.zip system_core-2e7c833279349a694af15f2447cc214dc30bcc01.tar.gz system_core-2e7c833279349a694af15f2447cc214dc30bcc01.tar.bz2