More kernel hardening ideas
/proc/sys/fs/protected_symlinks doesn’t seem to be hardened on a vanilla Alpine Linux system. Is this by design?
Also, access to /boot/System.map* from non-root users is allowed (playing with kptr_restrict values didn’t fix the problem).
The https://wiki.ubuntu.com/Security/Features page has a lot of cool ideas which we might be able to borrow for Alpine Linux.
I can also start submitting patches :-)
(from redmine: issue id 3962, created on 2015-03-04)
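
An added audit sketch for the settings named in this issue (not part of the original report and not Alpine project code). It checks the two sysctls and the mode bits of `/boot/System.map*`: `kptr_restrict` only affects kernel pointers printed through `/proc` interfaces, while `System.map` is a regular file governed by its permissions. The `audit` function, its root-prefix argument and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the hardening settings mentioned in the issue.
# The root-prefix argument is an assumption of this sketch; it lets the
# checks run against a constructed test tree instead of the live system.

# Print a sysctl value read from <root>/proc/sys/<key>, or "missing".
read_sysctl() {
    f="$1/proc/sys/$2"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# Print one FINDING line per weak setting; return the number of findings.
audit() {
    root="$1"
    findings=0

    # 1 = symlinks in sticky world-writable dirs are followed only when safe.
    v=$(read_sysctl "$root" fs/protected_symlinks)
    if [ "$v" != 1 ]; then
        echo "FINDING fs.protected_symlinks=$v (want 1)"
        findings=$((findings + 1))
    fi

    # 0 = kernel pointers exposed via /proc; 1 or 2 = restricted or hidden.
    v=$(read_sysctl "$root" kernel/kptr_restrict)
    case "$v" in
        1|2) ;;
        *) echo "FINDING kernel.kptr_restrict=$v (want 1 or 2)"
           findings=$((findings + 1)) ;;
    esac

    # System.map is a plain file: only its mode bits decide who can read it.
    for m in "$root"/boot/System.map*; do
        [ -f "$m" ] || continue
        case "$(ls -ld "$m")" in
            ???????r*)  # 8th character of the mode string = "other" read bit
                echo "FINDING $m is readable by non-root users"
                findings=$((findings + 1)) ;;
        esac
    done

    return "$findings"
}

# Audit the live system only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit ""
fi
```

The exit status is the number of findings, so a clean system returns 0.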