
Re: sysctl.conf



 Hi.

On Sun, 27 Oct 2013 11:25:15 +0400
Dmitrii Kashin <freehck@freehck.ru> wrote:

> Sysctl is used in order to give the kernel some default parameters to work with.
> The most common cases to use it:
> - to allow packet redirection
> - to enable/disable ipv6 support
> - to change console behavior and printk output.
> ..and so on, so on...
> 
> Do you really need some of this?

Don't forget restricting mmap from userspace to kernelspace (such mmaps
led to NULL-pointer dereferences in the kernel in the past) with
vm.mmap_min_addr.
Or restricting the privileges of the perf kernel subsystem (local privilege
escalation to root) with kernel.perf_event_paranoid.
Or bringing some sanity to the virtual memory kernel subsystem with
vm.swappiness and vm.dirty_bytes.

A user may need some of this.

Reco
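
Added example (not part of the message above or of the thread): a small Python check that parses sysctl.conf text and flags vm.mmap_min_addr and kernel.perf_event_paranoid when they are set below a floor. The floors (65536 and 2), the function names and the sample configuration are assumptions chosen for illustration.

```python
# Added example: audit sysctl.conf text for the two hardening keys named above.
# The BASELINE floors are assumptions for illustration, not values from the thread.
BASELINE = {
    "vm.mmap_min_addr": 65536,        # assumed floor: low pages cannot be mapped
    "kernel.perf_event_paranoid": 2,  # assumed floor: no kernel profiling for unprivileged users
}

def parse_sysctl_conf(text):
    """Return {key: value}; settings apply in order, so a later line wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":    # blank lines and comments
            continue
        if "=" not in line:                # not an assignment
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key.startswith("-"):            # "-key = v": errors ignored when applied
            key = key[1:].strip()
        key = key.replace("/", ".")        # simplified: vm/mmap_min_addr == vm.mmap_min_addr
        settings[key] = value.strip()
    return settings

def audit(text, baseline=BASELINE):
    """Return a list of (key, found, minimum, status) tuples."""
    settings = parse_sysctl_conf(text)
    report = []
    for key, minimum in baseline.items():
        found = settings.get(key)
        if found is None:
            status = "unset"               # kernel default applies; check the running value
        else:
            try:
                status = "ok" if int(found, 0) >= minimum else "weak"
            except ValueError:
                status = "invalid"
        report.append((key, found, minimum, status))
    return report

# Constructed sample input, not a real system's configuration.
SAMPLE = """\
# hardening
vm.mmap_min_addr = 65536
; a later line overrides the earlier one
vm/mmap_min_addr=0
-kernel.perf_event_paranoid = 2
vm.swappiness = 10
"""

if __name__ == "__main__":
    for key, found, minimum, status in audit(SAMPLE):
        print(f"{key}: found={found} minimum={minimum} -> {status}")
```

An "unset" result only means the file does not assign the key; the running value still has to be read with sysctl or from /proc/sys.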

