1 files changed, 17 insertions, 0 deletions
diff --git a/todo b/todo
index 5ceb4e530..43168dd5a 100644
--- a/todo
+++ b/todo
@@ -218,3 +218,20 @@ sudo firejail /snap/bin/ubuntu-clock-app.clock
 extract env for process
 ps e -p <pid> | sed 's/ /\n/g' 
+20. check default disable - from grsecurity
+GRKERNSEC_HIDESYM
+/proc/kallsyms and other files
+GRKERNSEC_PROC_USER
+If you say Y here, non-root users will only be able to view their own
+processes, and restricts them from viewing network-related information,
+and viewing kernel symbol and module information.
+GRKERNSEC_PROC_ADD
+If you say Y here, additional restrictions will be placed on
+/proc that keep normal users from viewing device information and 
+slabinfo information that could be useful for exploits.

diff --git a/todo b/todo index 5ceb4e530..43168dd5a 100644 --- a/todo +++ b/todo
@@ -218,3 +218,20 @@ sudo firejail /snap/bin/ubuntu-clock-app.clock
218		218
219	extract env for process	219	extract env for process
220	ps e -p <pid> \| sed 's/ /\n/g'	220	ps e -p <pid> \| sed 's/ /\n/g'
		221
		222
		223	20. check default disable - from grsecurity
		224
		225	GRKERNSEC_HIDESYM
		226	/proc/kallsyms and other files
		227
		228	GRKERNSEC_PROC_USER
		229	If you say Y here, non-root users will only be able to view their own
		230	processes, and restricts them from viewing network-related information,
		231	and viewing kernel symbol and module information.
		232
		233	GRKERNSEC_PROC_ADD
		234	If you say Y here, additional restrictions will be placed on
		235	/proc that keep normal users from viewing device information and
		236	slabinfo information that could be useful for exploits.
		237