author | Nick Kralevich <nnk@google.com> | 2011-11-02 08:51:37 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2011-11-02 09:24:27 -0700 |
commit | 2e7c833279349a694af15f2447cc214dc30bcc01 (patch) | |
tree | 2d1ec91e99a72741eeb85fa190fcb43983d37c4d /rootdir | |
parent | 06286288ef40837a5ab69fc09871f7d5f45c8bbd (diff) | |
Set kptr_restrict to 2.
To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict
to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms.
Bug: 5555668
Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
Diffstat (limited to 'rootdir')
-rw-r--r-- | rootdir/init.rc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index 3af0943..7031417 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -65,6 +65,7 @@ loglevel 3 write /proc/sys/kernel/sched_compat_yield 1 write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/randomize_va_space 2 + write /proc/sys/kernel/kptr_restrict 2 # Create cgroup mount points for process groups mkdir /dev/cpuctl |
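Review bot: The added `write /proc/sys/kernel/kptr_restrict 2` line in the @@ -65,6 +65,7 @@ hunk has no comment, and the choice of 2 over 1 is not explained anywhere in init.rc. With 2, kernel pointers printed through %pK are replaced with zeros for every reader, including privileged ones, so root-run profiling and debugging tools that resolve symbols from /proc/kallsyms will see zeroed addresses. With 1, readers holding CAP_SYSLOG still see them. Suggest a one-line comment above the write, in the style of the `# Create cgroup mount points for process groups` comment that follows, stating that the value is deliberately 2 and that debug builds needing symbol addresses must lower it. It would also help to group this write and the `randomize_va_space 2` line under a short comment marking them as exploit-mitigation settings, since they currently sit unlabelled after the scheduler tunables.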