projects / kconfig-hardened-check.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f1903be) | patch
Withdraw my recommendation about BPF_JIT
authorAlexander Popov <alex.popov@linux.com>
Fri, 16 Oct 2020 15:05:37 +0000 (18:05 +0300)
committerAlexander Popov <alex.popov@linux.com>
Fri, 16 Oct 2020 15:05:37 +0000 (18:05 +0300)
commit4c7a125eb7a2fe97c5b3e81dad4768b45d915d0a
tree3acb743f5cb6e06048e6309cd4437232563a1b91tree | snapshot (zip tar.gz)
parentf1903be823b26d7ab8d510aed2455471b670e858commit | diff
Withdraw my recommendation about BPF_JIT

CLIP OS wiki and Kees say that BPF interpreter is worse for the kernel
security than BPF_JIT.

So for now I withdraw my recommendation about BPF_JIT.

N.B. LOCKDOWN disables BPF_SYSCALL, but not BPF_JIT.
kconfig_hardened_check/__init__.py diff | blob | history
kconfig-hardened-check