Re: sysctl.conf
Hi.
On Sun, 27 Oct 2013 11:25:15 +0400
Dmitrii Kashin <freehck@freehck.ru> wrote:
> Sysctl is used in order to give the kernel some default parameters to work with.
> The most common cases to use it:
> - to allow packet redirection
> - to enable/disable ipv6 support
> - to change console behavior and printk output.
> ..and so on, so on...
>
> Do you really need some of this?
Don't forget restricting mmap from userspace to kernelspace (such mmaps
led to NULL-pointer dereferences in the kernel in the past) with
vm.mmap_min_addr.
Or restricting the privileges of the perf kernel subsystem (local privilege
escalation to root) with kernel.perf_event_paranoid.
Or bringing some sanity to the virtual memory kernel subsystem with
vm.swappiness and vm.dirty_bytes.
A user may need some of this.
Reco
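
The two hardening settings named in the reply above, vm.mmap_min_addr and kernel.perf_event_paranoid, can be audited with a short script. This is an added example, not part of the original message; the thresholds (65536 and 2), the SYSCTL_ROOT variable and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Audit the two hardening sysctls from the thread against a minimum baseline.
# Thresholds are assumptions of this example, not values stated in the thread.
# SYSCTL_ROOT is overridable so the check can run against a constructed tree.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# check_min KEY MIN: print a verdict; return 0 if the current value >= MIN,
# 1 if it is lower, 2 if the key is missing or not an integer.
check_min() {
    key=$1; min=$2
    path="$SYSCTL_ROOT/$(printf '%s' "$key" | tr . /)"
    if [ ! -r "$path" ]; then
        echo "MISSING  $key"
        return 2
    fi
    val=$(tr -d ' \t\n' < "$path")
    case $val in
        ''|-|*[!0-9-]*|?*-*) echo "UNPARSED $key = '$val'"; return 2 ;;
    esac
    if [ "$val" -ge "$min" ]; then
        echo "OK       $key = $val (>= $min)"
        return 0
    fi
    echo "WEAK     $key = $val (want >= $min)"
    return 1
}

# audit: run every check; the return status is the number of failed keys.
audit() {
    failed=0
    # Assumed baseline: 65536 keeps the lowest 64 KiB unmappable by
    # unprivileged processes; 2 denies unprivileged kernel profiling via perf.
    check_min vm.mmap_min_addr 65536 || failed=$((failed + 1))
    check_min kernel.perf_event_paranoid 2 || failed=$((failed + 1))
    return "$failed"
}
```

Source the file and call `audit`; an exit status of 0 means both keys meet the assumed baseline.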