projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update KSPP recommendations
[kconfig-hardened-check.git] / kconfig_hardened_check / config_files / kspp-recommendations / kspp-recommendations-arm.config
diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
index 3c6c0375e0b86b63e68b9d4f5e99b8b621c60ac1..4271f7db57768d9335204531c8e26ce2a2c53612 100644 (file)
--- a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
+++ b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
@@ -80,6 +80,9 @@ CONFIG_REFCOUNT_FULL=y
 # Check for memory copies that might overflow a structure in str*() and mem*() functions both at build-time and run-time.
 CONFIG_FORTIFY_SOURCE=y
 
+# Avoid kernel memory address exposures via dmesg (sets sysctl kernel.dmesg_restrict initial value to 1)
+CONFIG_SECURITY_DMESG_RESTRICT=y
+
 # Dangerous; enabling this allows direct physical memory writing.
 # CONFIG_ACPI_CUSTOM_METHOD is not set
 
kconfig-hardened-check