X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fchecks.py;h=af4c6e2fbf6a5efc2df4d507a709c1c453d162ec;hb=f0c9f888c46889f5313ee0ad683d56cd38f3b6b9;hp=d61473655357d8fb223dd07ed4999f5762061b34;hpb=fa57d8b225d289997d7d019ab32252040efab4d6;p=kconfig-hardened-check.git
diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index d614736..af4c6e2 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -31,8 +31,9 @@ This module contains knowledge for checks.
 # fs.protected_regular=2
 # fs.suid_dumpable=0
 # kernel.modules_disabled=1
-# kernel.randomize_va_space = 2
+# kernel.randomize_va_space=2
 # nosmt sysfs control file
+# dev.tty.legacy_tiocsti=0
 #
 # Think of these boot params:
 # module.sig_enforce=1
@@ -378,6 +379,7 @@ def add_kconfig_checks(l, arch):
 l += [bpf_syscall_not_set] # refers to LOCKDOWN
 
 # 'cut_attack_surface', 'my'
+ l += [KconfigCheck('cut_attack_surface', 'my', 'LEGACY_TIOCSTI', 'is not set')]
 l += [KconfigCheck('cut_attack_surface', 'my', 'MMIOTRACE', 'is not set')] # refers to LOCKDOWN (permissive)
 l += [KconfigCheck('cut_attack_surface', 'my', 'LIVEPATCH', 'is not set')]
 l += [KconfigCheck('cut_attack_surface', 'my', 'IP_DCCP', 'is not set')]
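Review bot: The new `LEGACY_TIOCSTI` entry in the `'cut_attack_surface', 'my'` group carries no trailing comment, and on its own a passing result can read as stronger than it is. As far as I know, CONFIG_LEGACY_TIOCSTI only selects the default of the `dev.tty.legacy_tiocsti` sysctl, which the first hunk lists among the sysctls still to be covered, so a kernel that passes this check can have TIOCSTI re-enabled at runtime. I would mark that on the line in the style of its neighbours, e.g. `# sets only the default of dev.tty.legacy_tiocsti, check the sysctl as well`. It is also worth confirming how an absent option is reported: if 'is not set' passes when the symbol is not found, kernels that predate the option would pass although TIOCSTI is always available there. `add_kconfig_checks` begins and ends outside this hunk.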