Kernel Hardening - security-misc

Patrick · August 6, 2024, 7:45am

Patrick · August 6, 2024, 1:50pm

Use `slub_debug=FZ`?

opened 04:07PM - 31 Jul 24 UTC

https://tails.net/contribute/design/kernel_hardening/ https://gitlab.tails.boum….org/tails/tails/-/issues/19613 https://kspp.github.io/Recommended_Settings slub_debug is not apparently used in Kicksecure (and friends Whonix and QubesOS). Tails and KSPP, however, do recommend using `slub_debug=FZ`, still used in Tails to this day. In summary of these sources, the consensus is that slub debugging is not generally harmful because the "information leak" is only to root when kernel lockdown is enabled, and that it therefore doesn't matter that kernel pointer hashing is disabled because root should never be compromised. Concerns of [risk of slub debugging](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters) would therefore be overstated. Not sure about any other contraindictions, though.

github.com/Kicksecure/security-misc

Enable `slab_debug=FZ`

Kicksecure:master ← raja-grewal:slab_debug

opened 04:31AM - 05 Aug 24 UTC

raja-grewal

+3 -5

Addresses https://github.com/Kicksecure/security-misc/issues/253#issuecomment-22…67656246. Incorporate KSPP recommendation: https://kspp.github.io/Recommended_Settings#kernel-command-line-options ## Changes Enables kernel parameter (again): `slab_debug=FZ` ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

github.com/Kicksecure/security-misc

Enable `dev.tty.legacy_tiocsti=0`

Kicksecure:master ← raja-grewal:legacy_tiocsti

opened 05:12AM - 05 Aug 24 UTC

raja-grewal

+7 -6

Apply KSPP recommendation: https://kspp.github.io/Recommended_Settings#sysctls … ## Changes Enables `sysctl`: `dev.tty.legacy_tiocsti=0` ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

github.com/Kicksecure/security-misc

Enable `kfence.sample_interval=100`

Kicksecure:master ← raja-grewal:kfence

opened 05:14AM - 05 Aug 24 UTC

raja-grewal

+3 -4

Apply KSPP recommendation: https://kspp.github.io/Recommended_Settings#kernel-c…ommand-line-options ## Changes Enables kernel parameter: `kfence.sample_interval=100` ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

github.com/Kicksecure/security-misc

Enable `vdso32=0`

Kicksecure:master ← raja-grewal:vdso32

opened 05:15AM - 05 Aug 24 UTC

raja-grewal

+6 -6

Apply KSPP recommendation: https://kspp.github.io/Recommended_Settings#x86_64-1… ## Changes Enable kernel parameter: `vdso32=0` ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · August 25, 2024, 2:29pm

github.com/Kicksecure/security-misc

Minor presentation updates

Kicksecure:master ← raja-grewal:mod

opened 02:59AM - 21 Aug 24 UTC

raja-grewal

+135 -99

This pull request provides some organisation to the README.md and also reduced t…he chance of merge conflicts when it comes to blacklisting/disabling modules in the future. ## Changes There are no changes to the functionality of the code. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · August 25, 2024, 2:55pm

github.com/Kicksecure/security-misc

Simplify syntax of some network-related `sysctl`'s

Kicksecure:master ← raja-grewal:syntax

opened 02:57AM - 16 Aug 24 UTC

raja-grewal

+12 -19

This pull request simplifies the syntax of some network-related `sysctl`'s. I… do not think there is a need to distinguish between application to 'all' and 'default'. Ideally these setting should be applied across the board regardless of interface. One could also make the case this might be a form of weak 'hardening' as we have simplified each setting to one line (defence-in-depth etc.). Note this approach is also currently used by GrapheneOS's [infrastructure](https://github.com/GrapheneOS/infrastructure/blob/main/sysctl.d/local.conf). For example: ``` net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0 ``` to ``` net.ipv4.conf.*.accept_redirects=0 ``` ## Changes There are (likely) no changes to the functionality of the code. EDIT: This PR attempts to fix a bug in the existing `rp_filter` implementation, see below. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · August 25, 2024, 3:01pm

github.com/Kicksecure/security-misc

Provide option to disable user namespaces

Kicksecure:master ← raja-grewal:max_user_namespaces

opened 12:58PM - 16 Aug 24 UTC

raja-grewal

+10 -1

This pull request provides the option to disable user namespaces as per KSPP [re…commendation](https://kspp.github.io/Recommended_Settings#sysctls). ## Changes There are no changes to the functionality of the code. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · August 25, 2024, 3:02pm

github.com/Kicksecure/security-misc

Add KSPP compliance notices to corresponding parameters and `sysctls`

Kicksecure:master ← raja-grewal:kspp_compliance

opened 03:38PM - 18 Aug 24 UTC

raja-grewal

+137 -10

This PR adds KSPP compliance notices to corresponding parameters and `sysctl`s a…s per https://github.com/Kicksecure/security-misc/issues/256. I have tried to be comprehensive and thorough but please re-check my work. For the time being I have decided not to add "KSPP=no" notices as I am not sure that these would be helpful? Is there any point in showing non-compliance if we already show what is consistent with the KSPP. Also there are two areas of of partial compliance: ``` ## KSPP sets the stricter sysctl user.max_user_namespaces=0. ## kernel.unprivileged_userns_clone=0 ## KSPP sets the stricter sysctl kernel.yama.ptrace_scope=3. ## kernel.yama.ptrace_scope=2 ``` Do we want to adhere to the KSPP on these? The first is discussed in https://github.com/Kicksecure/security-misc/pull/263 and has the potential to cause breakages but I am not that familiar with its real world usage. The second was discussed earlier in https://github.com/Kicksecure/security-misc/pull/242. ## Changes There are currently no changes to the functionality of the code. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

github.com/Kicksecure/security-misc

Set `sysctl vm.mmap_min_addr=65536`

Kicksecure:master ← raja-grewal:mmap_min_addr

opened 01:38AM - 19 Aug 24 UTC

raja-grewal

+17 -0

This pull request sets `sysctl vm.mmap_min_addr=65536` as per the KSPP [recommen…dations](https://kspp.github.io/Recommended_Settings#x86_64) . ## Changes Set `sysctl vm.mmap_min_addr=65536`. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · August 28, 2024, 10:47am

github.com/Kicksecure/security-misc

file/folder permissions issue `d????????? ? ? ? ? ? .` | Firefox no longer starting (probably not not a Firefox issue) | caused by disallow registering interpreters for miscellaneous binary formats `sysctl fs.binfmt_misc.status=0`

opened 10:34AM - 28 Aug 24 UTC

adrelanos

`ls -la .mozilla` ``` ls: cannot access '.mozilla/..': Permission denied ls…: cannot access '.mozilla/.': Permission denied total 0 d????????? ? ? ? ? ? . d????????? ? ? ? ? ? .. zsh: exit 1 ls -hN --color=auto --group-directories-first -la .mozilla ``` Probably caused by: * https://github.com/Kicksecure/security-misc/pull/249 After running, sudo sysctl fs.binfmt_misc.status=1 file permissions (and Firefox starting) were back to normal.

Patrick · August 29, 2024, 8:47am

github.com/Kicksecure/security-misc

Enable `panic_on_warn=1`

Kicksecure:master ← raja-grewal:panic_on_warn

opened 04:09PM - 28 Aug 24 UTC

raja-grewal

+9 -8

Partial follow-up on https://github.com/Kicksecure/security-misc/pull/264#issuec…omment-2314954119. This pull request sets `sysctl kernel.panic_on_warn=1` as per the KSPP [recommendations](https://kspp.github.io/Recommended_Settings#sysctls). ``` # Reboot after even 1 WARN or BUG/Oops. Adjust for your tolerances. (Since v6.2) # If you want to set oops_limit greater than one, you will need to disable CONFIG_PANIC_ON_OOPS. kernel.warn_limit = 1 kernel.oops_limit = 1 ``` The proposed setting is not exactly equivalent as the KSPP assumes kernel >= 6.2. Therefore, we are forced to use the older binary `kernel.panic_on_warn=1` enabling which does not allow setting numerical limits. Could potentially still enable forcing reboot after a single kernel panic using `kernel.panic=-1` to be in full compliance with the KSPP. Thoughts? ## Changes Set `sysctl kernel.panic_on_warn=1`. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

raja · September 13, 2024, 11:49am

Interesting development on the future of implementing CPU mitigations.

https://lore.kernel.org/lkml/20240912190857.235849-1-david.kaplan@amd.com/T/#m81d5854d625e41baa18888a6183d0c7b56d05e36

If this is merged, all we will have to set is the boot parameters:

mitigation_user_kernel=on
mitigate_user_user=on
mitigate_guest_host=on
mitigate_guest_guest=on
mitigate_cross_thread=on

This will be a greatly reduce the maintenance burden as we will (ideally) no longer have to manually apply newer mitigations. This is of course assuming that they are all applied in their strictest forms.

Note:
In the kernel patch, see the table under the heading

+Summary of attack-vector mitigations
+------------------------------------

for details on what mitigations each proposed boot parameter enables. I can’t seem to copy that table here while preserving the formatting.

Patrick · September 14, 2024, 2:10am

VirtualBox ICH AC97 audio device broken due to kernel module blacklisting:

github.com/Kicksecure/security-misc

kernel module blacklist breaks VirtualBox audio devices ICH AC97 and maybe Intel HD

opened 02:09AM - 14 Sep 24 UTC

adrelanos

Due to [complex audio issues](https://www.kicksecure.com/wiki/Dev/audio), we can…not blacklist the kernel modules required for VirtualBox ICH AC97 audio device just yet. Kicksecure * stable at time of writing (14 September 2024) version `17.2.0.7` will old security-misc, versus * `17.2.2.6` (unreleased) with new security-misc. `ICH AC97`: ``` ac97_bus joydev snd_ac97_codec snd_intel8x0 snd_pcm ``` `Intel HD`: ``` joydev ``` This has been found out using [Compare Loaded Kernel Modules](https://www.kicksecure.com/wiki/Kernel_module#Compare_Loaded_Kernel_Modules). Breaking means there is no audio at all in case of `ICH AC97`. `Intel HD` works without the `joydev` kernel module, I am not sure yet it is important or better to keep it blacklisted. Therefore some kernel modules need to be removed from the blacklist.

Patrick · September 14, 2024, 8:30pm

`gather_data_sampling=force` - Enable Gather Data Sampling (GDS) mitigation - related to CPU `AVX` instruction; More CPU Mitigations and Additional References by raja-grewal · Pull Request #218 · Kicksecure/security-misc · GitHub

Patrick · September 25, 2024, 12:13am

github.com/Kicksecure/security-misc

Documentation update

Kicksecure:master ← raja-grewal:text

opened 12:03AM - 25 Sep 24 UTC

raja-grewal

+10 -8

## Mandatory Checklist - [x] Legal agreements accepted. By contributing to th…is organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · October 8, 2024, 9:52am

github.com/Kicksecure/security-misc

Documentation update 2

Kicksecure:master ← raja-grewal:text_2

opened 01:13PM - 26 Sep 24 UTC

raja-grewal

+11 -3

## Mandatory Checklist - [x] Legal agreements accepted. By contributing to th…is organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · October 8, 2024, 9:58am

github.com/Kicksecure/security-misc

slightly confusing KSPP header, introduce `KSPP=undocumented` comment in case KSPP does not mention it

opened 09:58AM - 08 Oct 24 UTC

adrelanos

For example https://github.com/Kicksecure/security-misc/blob/master/etc/default/…grub.d/41_quiet_boot.cfg is currently a bit confusing. ``` ## Definitions: ## KSPP=yes: compliant with recommendations by the KSPP ## KSPP=partial: partially compliant with recommendations by the KSPP ## KSPP=no: not (currently) compliant with recommendations by the KSPP ``` ``` GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT loglevel=0" ``` So this is KSPP compliant, partial or not? The file header shows the various KSPP compliance status but how about settings that KSPP does not mention but we add? It's not `KSPP=no` as KSPP has no commented on it. New status? > `KSPP=undocumented`: not mentioned by KSPP

Patrick · October 16, 2024, 10:28am

github.com/Kicksecure/security-misc

Clarify KSPP compliance header

Kicksecure:master ← raja-grewal:KSPP_header

opened 03:05AM - 14 Oct 24 UTC

raja-grewal

+18 -5

Addresses https://github.com/Kicksecure/security-misc/issues/275. ## Mandator…y Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · October 20, 2024, 8:13am

Patrick · October 20, 2024, 8:23am

Patrick · November 8, 2024, 12:40pm

github.com/Kicksecure/security-misc

Enable `ssbd=force-on`

Kicksecure:master ← raja-grewal:ssbd

opened 04:41AM - 08 Nov 24 UTC

raja-grewal

+2 -0

As per the suggested review in https://github.com/Kicksecure/security-misc/issue…s/278, there is a minor addition we can make that in many cases is not neccessary. Currently, our inclusion of `spec_store_bypass_disable=on` unconditionally disables Speculative Store Bypass . The use of `ssbd=force-on` also unconditionally enables the mitigation for both kernel and userspace that is applicable in situations where a firmware based mitigation is offered. Therefore, I see no harm in also including this parameter. ## Changes Add the `ssbd=force-on` kernel boot parameter. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · November 8, 2024, 12:40pm

github.com/Kicksecure/security-misc

Provide option to drop gratuitous ARP packets

Kicksecure:master ← raja-grewal:arp

opened 04:02AM - 08 Nov 24 UTC

raja-grewal

+14 -0

Provide option to drop gratuitous ARP packets. Observed no issues using the `…systcl` in my own testing. ## Changes Currently commented-out. Can enable the `systcl` after comprehensive testing. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it

Patrick · November 11, 2024, 10:26am