X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kernel_hardening_checker%2Fchecks.py;h=50dea2bf27b1c2faf693287978c94bded93c4832;hb=7235769c9c0c94cfb6fb864c714b3ccaa6872b9b;hp=1c05b43f37375b77f661f387b888bf17356b2808;hpb=74147677be71c808be92666f1764f154d8829df4;p=kconfig-hardened-check.git diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index 1c05b43..50dea2b 100644 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -544,14 +544,14 @@ def add_cmdline_checks(l, arch): KconfigCheck('cut_attack_surface', 'kspp', 'X86_VSYSCALL_EMULATION', 'is not set'), AND(KconfigCheck('cut_attack_surface', 'kspp', 'LEGACY_VSYSCALL_NONE', 'y'), CmdlineCheck('cut_attack_surface', 'kspp', 'vsyscall', 'is not set')))] - l += [OR(CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '1'), - CmdlineCheck('cut_attack_surface', 'kspp', 'vdso32', '0'), + l += [OR(CmdlineCheck('cut_attack_surface', 'kspp', 'vdso32', '0'), + CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '1'), AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'), CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set')))] # the vdso32 parameter must not be 2 if arch == 'X86_32': - l += [OR(CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '1'), - CmdlineCheck('cut_attack_surface', 'my', 'vdso', '1'), - CmdlineCheck('cut_attack_surface', 'kspp', 'vdso32', '0'), + l += [OR(CmdlineCheck('cut_attack_surface', 'kspp', 'vdso32', '0'), + CmdlineCheck('cut_attack_surface', 'my', 'vdso', '0'), + CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '1'), CmdlineCheck('cut_attack_surface', 'my', 'vdso', '0'), AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'), CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set'),