X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fconfig_files%2Fkspp-recommendations%2Fkspp-recommendations-arm.config;fp=kconfig_hardened_check%2Fconfig_files%2Fkspp-recommendations%2Fkspp-recommendations-arm.config;h=4271f7db57768d9335204531c8e26ce2a2c53612;hb=29de5cc2de013ade52bb7589669672c7b0e2358d;hp=3c6c0375e0b86b63e68b9d4f5e99b8b621c60ac1;hpb=fb4d95bdfcdb5a62849cfaabf076d8c0415541b0;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
index 3c6c037..4271f7d 100644
--- a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
+++ b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
@@ -80,6 +80,9 @@ CONFIG_REFCOUNT_FULL=y
 # Check for memory copies that might overflow a structure in str*() and mem*() functions both at build-time and run-time.
 CONFIG_FORTIFY_SOURCE=y
 
+# Avoid kernel memory address exposures via dmesg (sets sysctl kernel.dmesg_restrict initial value to 1)
+CONFIG_SECURITY_DMESG_RESTRICT=y
+
 # Dangerous; enabling this allows direct physical memory writing.
 # CONFIG_ACPI_CUSTOM_METHOD is not set