From 2e7c833279349a694af15f2447cc214dc30bcc01 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Wed, 2 Nov 2011 08:51:37 -0700
Subject: [PATCH] Set kptr_restrict to 2.

To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms

Bug: 5555668
Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
---
 rootdir/init.rc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3af094377..7031417fb 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -65,6 +65,7 @@ loglevel 3
     write /proc/sys/kernel/sched_compat_yield 1
     write /proc/sys/kernel/sched_child_runs_first 0
     write /proc/sys/kernel/randomize_va_space 2
+    write /proc/sys/kernel/kptr_restrict 2
 # Create cgroup mount points for process groups
     mkdir /dev/cpuctl
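Review bot: The added `write /proc/sys/kernel/kptr_restrict 2` carries no comment saying what it hides or why value 2 was chosen over 1, so the rationale lives only in the commit message; a one-line comment above it would keep it with the setting, e.g. `# Hide kernel pointers (/proc/kallsyms, %pK output) from all users, including root`. Value 2 also hides addresses from root, so symbol-resolving debug tooling on engineering builds will see zeroed addresses from /proc/kallsyms, and that trade-off is worth recording in the same comment. On kernels that predate the kptr_restrict sysctl the path does not exist and this write fails; init appears to log the failure and continue, so it is only boot-log noise, but worth knowing when triaging. The enclosing init section starts outside the hunk.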