X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;ds=sidebyside;f=kconfig_hardened_check%2Fconfig_files%2Fkspp-recommendations%2Fkspp-recommendations-x86-64.config;h=c6b08206d53c308f749bb4dcb8f2982039b1f2c4;hb=6d0bc7d9064a4aab282068cb658517f0edaa0d31;hp=799a37db5555b9706f8f487940e991e005088af6;hpb=4852f7664e660aedbf786ea8567a7380ced8ac3c;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
index 799a37d..c6b0820 100644
--- a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
+++ b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
@@ -1,5 +1,5 @@
 # CONFIGs
-# Linux/x86_64 5.4.0 Kernel Configuration
+# Linux/x86_64 5.14.0 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -167,6 +167,9 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 CONFIG_RANDOMIZE_BASE=y
 CONFIG_RANDOMIZE_MEMORY=y
 
+# Randomize kernel stack offset on syscall entry (since v5.13).
+CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
+
 # Modern libc no longer needs a fixed-position mapping in userspace, remove it as a possible target.
 CONFIG_LEGACY_VSYSCALL_NONE=y