Set kptr_restrict to 2. To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms Bug: 5555668 Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b

commit: 2e7c833279349a694af15f2447cc214dc30bcc01 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Nov 02 08:51:37 2011 -0700
committer: Nick Kralevich <nnk@google.com> Wed Nov 02 09:24:27 2011 -0700
tree: 2d1ec91e99a72741eeb85fa190fcb43983d37c4d
parent: 06286288ef40837a5ab69fc09871f7d5f45c8bbd [diff] [blame]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3af0943..7031417 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -65,6 +65,7 @@
     write /proc/sys/kernel/sched_compat_yield 1
     write /proc/sys/kernel/sched_child_runs_first 0
     write /proc/sys/kernel/randomize_va_space 2
+    write /proc/sys/kernel/kptr_restrict 2
 
 # Create cgroup mount points for process groups
     mkdir /dev/cpuctl
commit	2e7c833279349a694af15f2447cc214dc30bcc01	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Nov 02 08:51:37 2011 -0700
committer	Nick Kralevich <nnk@google.com>	Wed Nov 02 09:24:27 2011 -0700
tree	2d1ec91e99a72741eeb85fa190fcb43983d37c4d
parent	06286288ef40837a5ab69fc09871f7d5f45c8bbd [diff] [blame]