Y
Hacker News
new
|
ask
|
show
|
jobs
by
amluto
700 days ago
For this sort of kernel attack surface reduction, I would use a combination of seccomp and runtime module loading restriction.
In the specific example of sctp, one can turn off loading of modules at runtime entirely.