Hi. On Sun, 27 Oct 2013 11:25:15 +0400 Dmitrii Kashin <free...@freehck.ru> wrote:
> Sysctl is used in order to give kernel some default parameters to work. > The most common cases to use it: > - to allow packets redirection > - to enable/disable ipv6 support > - to change console behavior and printk output. > ..and so on, so on... > > Do you really need some of this? Don't forget restricting mmap from userspace to kernelspace (such mmap lead to NULL-pointer dereferences in kernel in past) with vm.mmap_min_addr. Or, restricted privileges of perf kernel subsystem (local privilege escalation to root) with kernel.perf_event_paranoid. Or, bringing some sanity in virtual memory kernel subsystem with vm.swappiness and vm.dirty_bytes. User may need some of this. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131027114024.f47ab436c3e54f16314e8...@gmail.com