Re: sysctl.conf

To: debian-user@lists.debian.org
Subject: Re: sysctl.conf
From: Reco <recoverym4n@gmail.com>
Date: Sun, 27 Oct 2013 11:40:24 +0400
Message-id: <[🔎] 20131027114024.f47ab436c3e54f16314e83f9@gmail.com>
In-reply-to: <[🔎] 87sivnyy3o.fsf@lpt00.freehck.ru>
References: <[🔎] DUB121-W1A5479B46130E48EE276D8A0E0@phx.gbl> <[🔎] 1382817539.656.269.camel@archlinux> <[🔎] DUB121-W4405894F60A5BED5F5700A8A0E0@phx.gbl> <[🔎] 87sivnyy3o.fsf@lpt00.freehck.ru>

 Hi.

On Sun, 27 Oct 2013 11:25:15 +0400
Dmitrii Kashin <freehck@freehck.ru> wrote:

> Sysctl is used in order to give kernel some default parameters to work.
> The most common cases to use it:
> - to allow packets redirection
> - to enable/disable ipv6 support
> - to change console behavior and printk output.
> ..and so on, so on...
> 
> Do you really need some of this?

Don't forget restricting mmap from userspace to kernelspace (such mmap
lead to NULL-pointer dereferences in kernel in past) with
vm.mmap_min_addr.
Or, restricted privileges of perf kernel subsystem (local privilege
escalation to root) with kernel.perf_event_paranoid.
Or, bringing some sanity in virtual memory kernel subsystem with
vm.swappiness and vm.dirty_bytes.

User may need some of this.

Reco

Reply to:

References:
- sysctl.conf
  - From: Roland RoLaNd <r_o_l_a_n_d@hotmail.com>
- Re: sysctl.conf
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- RE: sysctl.conf
  - From: Roland RoLaNd <r_o_l_a_n_d@hotmail.com>
- Re: sysctl.conf
  - From: Dmitrii Kashin <freehck@freehck.ru>

Prev by Date: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Next by Date: Re: apt-get aptitude dependencies purge
Previous by thread: Re: sysctl.conf
Next by thread: Re: sysctl.conf
Index(es):
- Date
- Thread