author | Charlie <2747302+CharlieC3@users.noreply.github.com> | 2023-08-24 16:54:47 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-24 16:54:47 -0400 |
commit | 0244416aacbad03e4ebe8f2c95c7861a318916ea | |
tree | cee3c26fd5803b5b7668431b3ad1ece403c054b1 | |
parent | 5ce200dda23752cf8bf6dccb23aea4b23f1653ae | |
security: restrict abis in bitcoind.service
It's recommended to restrict the possible application binary interfaces that can be used when setting `MemoryDenyWriteExecute=true` to ensure it cannot be circumvented.
-rw-r--r-- | contrib/init/bitcoind.service | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service index 87da17f955..ade8a05926 100644 --- a/contrib/init/bitcoind.service +++ b/contrib/init/bitcoind.service @@ -81,5 +81,8 @@ PrivateDevices=true # Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true +# Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced +SystemCallArchitectures=native + [Install] WantedBy=multi-user.target |
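
Review bot: the comment added above `SystemCallArchitectures=native` says only that it will "help ensure MemoryDenyWriteExecute is enforced", without stating what the directive does or how the two settings relate. Suggest wording it like the neighbouring comments, for example "# Permit only native-ABI system calls so that MemoryDenyWriteExecute cannot be circumvented through another ABI.", and ending it with a full stop as the comment above `MemoryDenyWriteExecute=true` does. Since `native` allows only the host's native system call ABI, it is also worth stating in the comment or the commit message that a bitcoind binary built for a non-native ABI will no longer run under this unit.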