Skip to content

HBSD: Disable INCLUDE_CONFIG_FILE

It is better to disable the INCLUDE_CONFIG_FILE option
so as not to include the kernel configuration file.
This allows to redure kernel infoleaks and thus to
complicate the life of the attacker which we have already
deprived of direct access to the kernel [1].

[1] commit 394e5e99 ("HBSD: prevent kernel reading by non-root users")

Signed-off-by: Loic <loic.f@hardenedbsd.org>
Reported-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Issue: #47 

Merge request reports