summaryrefslogtreecommitdiffstats
path: root/rootdir
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2011-11-02 08:51:37 -0700
committerNick Kralevich <nnk@google.com>2011-11-02 09:24:27 -0700
commit2e7c833279349a694af15f2447cc214dc30bcc01 (patch)
tree2d1ec91e99a72741eeb85fa190fcb43983d37c4d /rootdir
parent06286288ef40837a5ab69fc09871f7d5f45c8bbd (diff)
downloadsystem_core-2e7c833279349a694af15f2447cc214dc30bcc01.zip
system_core-2e7c833279349a694af15f2447cc214dc30bcc01.tar.gz
system_core-2e7c833279349a694af15f2447cc214dc30bcc01.tar.bz2
Set kptr_restrict to 2.
To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms Bug: 5555668 Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
Diffstat (limited to 'rootdir')
-rw-r--r--rootdir/init.rc1
1 files changed, 1 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3af0943..7031417 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -65,6 +65,7 @@ loglevel 3
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2
+ write /proc/sys/kernel/kptr_restrict 2
# Create cgroup mount points for process groups
mkdir /dev/cpuctl