minor RPM updates

#160
Kicksecure · Jan 17, 2024 · 08619d6 · 08619d6
1 parent 3048e0a
commit 08619d6
Showing 1 changed file with 2 additions and 45 deletions.
diff --git a/rpm_spec/security-misc.spec.in b/rpm_spec/security-misc.spec.in
@@ -4,7 +4,7 @@ Release:	1%{?dist}
 Summary:	enhances misc security settings
 
 License:	AGPL-3+
-URL:		https://github.com/Whonix/security-misc
+URL:		https://github.com/Kicksecure/security-misc
 Source0:	%{name}-%{version}.tar.xz
 
 BuildRequires: dpkg-dev
@@ -13,50 +13,7 @@ Requires:	make
 BuildArch:  noarch
 
 %description
-The following settings are changed:
-
-deactivates previews in Dolphin;
-deactivates previews in Nautilus;
-deactivates thumbnails in Thunar;
-deactivates TCP timestamps;
-deactivates Netfilter's connection tracking helper;
-
-TCP time stamps (RFC 1323) allow for tracking clock
-information with millisecond resolution. This may or may not allow an
-attacker to learn information about the system clock at such
-a resolution, depending on various issues such as network lag.
-This information is available to anyone who monitors the network
-somewhere between the attacked system and the destination server.
-It may allow an attacker to find out how long a given
-system has been running, and to distinguish several
-systems running behind NAT and using the same IP address. It might
-also allow one to look for clocks that match an expected value to find the
-public IP used by a user.
-
-Hence, this package disables this feature by shipping the
-/etc/sysctl.d/tcp_timestamps.conf configuration file.
-
-Note that TCP time stamps normally have some usefulness. They are
-needed for:
-
-* the TCP protection against wrapped sequence numbers; however, to
-  trigger a wrap, one needs to send roughly 2^32 packets in one
-  minute:  as said in RFC 1700, "The current recommended default
-  time to live (TTL) for the Internet Protocol (IP) [45,105] is 64".
-  So, this probably won't be a practical problem in the context
-  of Anonymity Distributions.
-
-* "Round-Trip Time Measurement", which is only useful when the user
-  manages to saturate their connection. When using Anonymity Distributions,
-  probably the limiting factor for transmission speed is rarely the capacity
-  of the user connection.
-
-Netfilter's connection tracking helper module increases kernel attack
-surface by enabling superfluous functionality such as IRC parsing in
-the kernel. (!)
-
-Hence, this package disables this feature by shipping the
-/etc/sysctl.d/nf_conntrack_helper.conf configuration file.
+See README.
 
 %prep
 %setup -q